# Flog Txt Version 1 # Analyzer Version: 4.3.0 # Analyzer Build Date: Sep 20 2021 05:59:55 # Log Creation Date: 28.09.2021 15:32:42.978 Process: id = "1" image_name = "rfq document.bin.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe" page_root = "0x4b35e000" os_pid = "0x1378" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x640" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 121 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 122 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 123 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 124 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 125 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 126 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 127 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x40312a region_type = mapped_file name = "rfq document.bin.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe") Region: id = 128 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 129 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 130 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 131 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 132 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 133 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 271 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 272 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 273 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 274 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 275 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 276 start_va = 0x440000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 277 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 278 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 279 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 280 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 281 start_va = 0x440000 end_va = 0x4fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 282 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 283 start_va = 0x74570000 end_va = 0x74601fff monitored = 0 entry_point = 0x745b0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 284 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 285 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 286 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 287 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 288 start_va = 0x630000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 289 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 290 start_va = 0x76370000 end_va = 0x7776efff monitored = 0 entry_point = 0x7652b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 291 start_va = 0x75680000 end_va = 0x7573dfff monitored = 0 entry_point = 0x756b5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 292 start_va = 0x75300000 end_va = 0x75336fff monitored = 0 entry_point = 0x75303b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 293 start_va = 0x74c60000 end_va = 0x75158fff monitored = 0 entry_point = 0x74e67610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 294 start_va = 0x754b0000 end_va = 0x7566cfff monitored = 0 entry_point = 0x75592a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 295 start_va = 0x74b50000 end_va = 0x74bfcfff monitored = 0 entry_point = 0x74b64f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 296 start_va = 0x74620000 end_va = 0x7463dfff monitored = 0 entry_point = 0x7462b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 297 start_va = 0x74610000 end_va = 0x74619fff monitored = 0 entry_point = 0x74612a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 298 start_va = 0x74730000 end_va = 0x74787fff monitored = 0 entry_point = 0x747725c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 299 start_va = 0x75740000 end_va = 0x75783fff monitored = 0 entry_point = 0x75759d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 300 start_va = 0x77820000 end_va = 0x7789afff monitored = 0 entry_point = 0x7783e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 301 start_va = 0x75790000 end_va = 0x757d4fff monitored = 0 entry_point = 0x757ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 302 start_va = 0x757e0000 end_va = 0x757ebfff monitored = 0 entry_point = 0x757e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 303 start_va = 0x748e0000 end_va = 0x7496cfff monitored = 0 entry_point = 0x74929b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 304 start_va = 0x77770000 end_va = 0x777b3fff monitored = 0 entry_point = 0x77777410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 305 start_va = 0x757f0000 end_va = 0x757fefff monitored = 0 entry_point = 0x757f2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 306 start_va = 0x75160000 end_va = 0x7524afff monitored = 0 entry_point = 0x7519d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 307 start_va = 0x770000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 308 start_va = 0x7b0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 309 start_va = 0x6d360000 end_va = 0x6d3f1fff monitored = 0 entry_point = 0x6d36dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 310 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 311 start_va = 0x8b0000 end_va = 0xa37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 312 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 313 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 314 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 315 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 316 start_va = 0xbd0000 end_va = 0x1fcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bd0000" filename = "" Region: id = 317 start_va = 0x1fd0000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 318 start_va = 0x2000000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 319 start_va = 0x2050000 end_va = 0x20e0fff monitored = 0 entry_point = 0x2088cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 320 start_va = 0x706d0000 end_va = 0x70744fff monitored = 0 entry_point = 0x70709a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 321 start_va = 0x2050000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 322 start_va = 0x706b0000 end_va = 0x706c8fff monitored = 0 entry_point = 0x706b47e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 323 start_va = 0x75a40000 end_va = 0x75e4afff monitored = 0 entry_point = 0x75a6adf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 324 start_va = 0x725b0000 end_va = 0x726fafff monitored = 0 entry_point = 0x72611660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 325 start_va = 0x76150000 end_va = 0x761e1fff monitored = 0 entry_point = 0x76188cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 326 start_va = 0x701d0000 end_va = 0x701ecfff monitored = 0 entry_point = 0x701d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 327 start_va = 0x6d300000 end_va = 0x6d353fff monitored = 0 entry_point = 0x6d31dc50 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\SysWOW64\\oleacc.dll" (normalized: "c:\\windows\\syswow64\\oleacc.dll") Region: id = 328 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\SysWOW64\\oleaccrc.dll" (normalized: "c:\\windows\\syswow64\\oleaccrc.dll") Region: id = 329 start_va = 0x75860000 end_va = 0x758e3fff monitored = 0 entry_point = 0x75886220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 330 start_va = 0x6d420000 end_va = 0x6d427fff monitored = 0 entry_point = 0x6d4217b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 331 start_va = 0x6d410000 end_va = 0x6d415fff monitored = 0 entry_point = 0x6d411570 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 332 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 333 start_va = 0x20a0000 end_va = 0x23d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 334 start_va = 0x2000000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 335 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 336 start_va = 0x23e0000 end_va = 0x24dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 337 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 338 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 339 start_va = 0x1fd0000 end_va = 0x1fd3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 340 start_va = 0x1ff0000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 341 start_va = 0x2050000 end_va = 0x2062fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 342 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 343 start_va = 0x24e0000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 344 start_va = 0x2520000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 345 start_va = 0x1fe0000 end_va = 0x1fe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fe0000" filename = "" Region: id = 346 start_va = 0x6d270000 end_va = 0x6d2f0fff monitored = 0 entry_point = 0x6d276310 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 347 start_va = 0x6d250000 end_va = 0x6d265fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 348 start_va = 0x6d210000 end_va = 0x6d240fff monitored = 0 entry_point = 0x6d2222d0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 349 start_va = 0x1fd0000 end_va = 0x1fd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 350 start_va = 0x76030000 end_va = 0x7614efff monitored = 0 entry_point = 0x76075980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 351 start_va = 0x2070000 end_va = 0x2070fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 352 start_va = 0x2620000 end_va = 0x26dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 353 start_va = 0x2070000 end_va = 0x2073fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 354 start_va = 0x2080000 end_va = 0x2081fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 355 start_va = 0x26e0000 end_va = 0x26e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026e0000" filename = "" Region: id = 356 start_va = 0x26f0000 end_va = 0x26f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 357 start_va = 0x2700000 end_va = 0x270bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002700000" filename = "" Region: id = 358 start_va = 0x6d400000 end_va = 0x6d40ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "tkwj.dll" filename = "\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsb2dc0.tmp\\tkwj.dll") Region: id = 359 start_va = 0x2700000 end_va = 0x2700fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002700000" filename = "" Region: id = 360 start_va = 0x6d140000 end_va = 0x6d1a6fff monitored = 0 entry_point = 0x6d155a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 361 start_va = 0x2710000 end_va = 0x274ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002710000" filename = "" Region: id = 362 start_va = 0x2750000 end_va = 0x284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002750000" filename = "" Region: id = 363 start_va = 0x6d0c0000 end_va = 0x6d13efff monitored = 0 entry_point = 0x6d0cef20 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\SysWOW64\\mscms.dll" (normalized: "c:\\windows\\syswow64\\mscms.dll") Region: id = 364 start_va = 0x6d1f0000 end_va = 0x6d20efff monitored = 0 entry_point = 0x6d1f9820 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\SysWOW64\\loadperf.dll" (normalized: "c:\\windows\\syswow64\\loadperf.dll") Region: id = 365 start_va = 0x6d1d0000 end_va = 0x6d1e9fff monitored = 0 entry_point = 0x6d1d3820 region_type = mapped_file name = "mapi32.dll" filename = "\\Windows\\SysWOW64\\mapi32.dll" (normalized: "c:\\windows\\syswow64\\mapi32.dll") Region: id = 366 start_va = 0x742c0000 end_va = 0x742dafff monitored = 0 entry_point = 0x742c9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 367 start_va = 0x2850000 end_va = 0xe70cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 368 start_va = 0xe710000 end_va = 0xe756fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e710000" filename = "" Region: id = 385 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 386 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 388 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 389 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 390 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 391 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 392 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 393 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 394 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 395 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 396 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 397 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 398 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 399 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 400 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 401 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Region: id = 402 start_va = 0xe760000 end_va = 0xe8d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e760000" filename = "" Region: id = 403 start_va = 0xe8e0000 end_va = 0xea5afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8e0000" filename = "" Thread: id = 1 os_tid = 0x148 [0109.142] SetErrorMode (uMode=0x8001) returned 0x0 [0109.160] GetVersion () returned 0x23f00206 [0109.160] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74650000 [0109.160] GetProcAddress (hModule=0x74650000, lpProcName="SetDefaultDllDirectories") returned 0x75fb6270 [0109.160] SetDefaultDllDirectories (DirectoryFlags=0xc00) returned 1 [0109.160] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0109.161] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0109.161] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x706d0000 [0110.036] lstrlenA (lpString="UXTHEME") returned 7 [0110.036] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0110.036] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\USERENV.dll") returned 12 [0110.036] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x706b0000 [0110.415] lstrlenA (lpString="USERENV") returned 7 [0110.415] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0110.415] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0110.415] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x75a40000 [0111.250] lstrlenA (lpString="SETUPAPI") returned 8 [0111.250] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.250] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\APPHELP.dll") returned 12 [0111.250] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x74570000 [0111.250] lstrlenA (lpString="APPHELP") returned 7 [0111.250] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.250] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0111.250] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x725b0000 [0111.974] lstrlenA (lpString="PROPSYS") returned 7 [0111.974] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0111.974] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0111.974] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x701d0000 [0112.323] lstrlenA (lpString="DWMAPI") returned 6 [0112.323] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.323] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0112.324] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x74610000 [0112.324] lstrlenA (lpString="CRYPTBASE") returned 9 [0112.324] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0112.324] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\OLEACC.dll") returned 11 [0112.324] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x6d300000 [0113.129] lstrlenA (lpString="OLEACC") returned 6 [0113.129] GetSystemDirectoryA (in: lpBuffer=0x19fcc4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.129] wsprintfA (in: param_1=0x19fcd7, param_2="%s%s.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0113.129] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x75860000 [0113.519] lstrlenA (lpString="CLBCATQ") returned 7 [0113.519] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0113.519] GetSystemDirectoryA (in: lpBuffer=0x19fcb4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.519] wsprintfA (in: param_1=0x19fcc7, param_2="%s%s.dll" | out: param_1="\\VERSION.dll") returned 12 [0113.519] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x6d420000 [0113.672] GetProcAddress (hModule=0x6d420000, lpProcName="GetFileVersionInfoA") returned 0x6d421490 [0113.672] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0113.672] GetSystemDirectoryA (in: lpBuffer=0x19fcb4, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.672] wsprintfA (in: param_1=0x19fcc7, param_2="%s%s.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0113.672] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x6d410000 [0113.685] GetProcAddress (hModule=0x6d410000, lpProcName="SHGetFolderPathA") returned 0x6d411300 [0113.686] InitCommonControls () [0113.686] OleInitialize (pvReserved=0x0) returned 0x0 [0113.737] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x19fe24, cbFileInfo=0x160, uFlags=0x0 | out: psfi=0x19fe24) returned 0x1 [0113.905] lstrcpynA (in: lpString1=0x42e420, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0113.905] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " [0113.905] lstrcpynA (in: lpString1=0x434000, lpString2="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" ") returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " [0113.906] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0113.908] GetTempPathA (in: nBufferLength=0x400, lpBuffer=0x435400 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0113.915] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0113.915] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0113.915] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0113.916] GetLastError () returned 0xb7 [0113.916] GetTickCount () returned 0xeb2572 [0113.916] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpPrefixString="nsi", uUnique=0x0, lpTempFileName=0x435000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsi2572.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsi2572.tmp")) returned 0x2572 [0113.918] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsi2572.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsi2572.tmp")) returned 1 [0113.919] GetTickCount () returned 0xeb2572 [0113.919] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x435c00, nSize=0x400 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x32 [0113.919] GetFileAttributesA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x20 [0113.919] CreateFileA (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x204 [0113.919] lstrcpynA (in: lpString1=0x434c00, lpString2="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe") returned="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" [0113.919] lstrlenA (lpString="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe") returned 50 [0113.920] lstrcpynA (in: lpString1=0x436000, lpString2="RFQ Document.bin.exe", iMaxLength=1024 | out: lpString1="RFQ Document.bin.exe") returned="RFQ Document.bin.exe" [0113.920] GetFileSize (in: hFile=0x204, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x54305 [0113.921] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.921] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.922] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.923] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.923] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.923] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.923] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.923] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.923] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.935] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.936] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.938] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.939] ReadFile (in: hFile=0x204, lpBuffer=0x420c50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x19fdac, lpOverlapped=0x0 | out: lpBuffer=0x420c50*, lpNumberOfBytesRead=0x19fdac*=0x200, lpOverlapped=0x0) returned 1 [0113.940] SetFilePointer (in: hFile=0x204, lDistanceToMove=49692, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xc21c [0113.940] ReadFile (in: hFile=0x204, lpBuffer=0x19fdac, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fd30, lpOverlapped=0x0 | out: lpBuffer=0x19fdac*, lpNumberOfBytesRead=0x19fd30*=0x4, lpOverlapped=0x0) returned 1 [0113.940] GetTickCount () returned 0xeb2592 [0113.940] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x1913, lpNumberOfBytesRead=0x19fd30, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19fd30*=0x1913, lpOverlapped=0x0) returned 1 [0113.943] GetTickCount () returned 0xeb2592 [0113.943] SetFilePointer (in: hFile=0x204, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xdb33 [0113.943] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x74650000 [0113.943] GetProcAddress (hModule=0x74650000, lpProcName="GetUserDefaultUILanguage") returned 0x7466b0a0 [0113.944] GetUserDefaultUILanguage () returned 0x409 [0113.944] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0113.944] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0113.944] lstrlenA (lpString="iqbk") returned 4 [0113.944] lstrcpynA (in: lpString1=0x42e420, lpString2="iqbk Setup", iMaxLength=1024 | out: lpString1="iqbk Setup") returned="iqbk Setup" [0113.944] SetWindowTextA (hWnd=0x0, lpString="iqbk Setup") returned 0 [0113.947] lstrcpynA (in: lpString1=0x54a174, lpString2="uzcfoxtroxoch", iMaxLength=1024 | out: lpString1="uzcfoxtroxoch") returned="uzcfoxtroxoch" [0113.947] lstrcpynA (in: lpString1=0x54a58c, lpString2="jzwqozdjqxym", iMaxLength=1024 | out: lpString1="jzwqozdjqxym") returned="jzwqozdjqxym" [0113.947] lstrcpynA (in: lpString1=0x54a9a4, lpString2="gcioapsemfyw", iMaxLength=1024 | out: lpString1="gcioapsemfyw") returned="gcioapsemfyw" [0113.947] lstrcpynA (in: lpString1=0x42b4a8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0113.948] lstrcpynA (in: lpString1=0x42b4a8, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0113.948] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0113.948] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0113.948] lstrcpynA (in: lpString1=0x434400, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0113.948] LoadImageA (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x70247 [0113.964] wsprintfA (in: param_1=0x435000, param_2="%d" | out: param_1="1033") returned 4 [0113.964] lstrlenA (lpString="iqbk") returned 4 [0113.964] lstrcpynA (in: lpString1=0x42e420, lpString2="iqbk Setup", iMaxLength=1024 | out: lpString1="iqbk Setup") returned="iqbk Setup" [0113.964] SetWindowTextA (hWnd=0x0, lpString="iqbk Setup") returned 0 [0113.964] lstrcpynA (in: lpString1=0x54a174, lpString2="uzcfoxtroxoch", iMaxLength=1024 | out: lpString1="uzcfoxtroxoch") returned="uzcfoxtroxoch" [0113.964] lstrcpynA (in: lpString1=0x54a58c, lpString2="jzwqozdjqxym", iMaxLength=1024 | out: lpString1="jzwqozdjqxym") returned="jzwqozdjqxym" [0113.964] lstrcpynA (in: lpString1=0x54a9a4, lpString2="gcioapsemfyw", iMaxLength=1024 | out: lpString1="gcioapsemfyw") returned="gcioapsemfyw" [0113.964] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0113.964] GetSystemDirectoryA (in: lpBuffer=0x19fc9c, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0113.964] wsprintfA (in: param_1=0x19fcaf, param_2="%s%s.dll" | out: param_1="\\RichEd20.dll") returned 13 [0113.964] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x6d270000 [0115.263] GetClassInfoA (in: hInstance=0x0, lpClassName="RichEdit20A", lpWndClass=0x42e3c0 | out: lpWndClass=0x42e3c0) returned 1 [0115.264] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x4039b0, dwInitParam=0x0) [0116.031] GetDlgItem (hDlg=0x401e8, nIDDlgItem=1) returned 0x3020c [0116.031] GetDlgItem (hDlg=0x401e8, nIDDlgItem=2) returned 0x401ea [0116.032] SetDlgItemTextA (hDlg=0x401e8, nIDDlgItem=1028, lpString="Nullsoft Install System v2.51") returned 1 [0116.032] SetClassLongA (hWnd=0x401e8, nIndex=-14, dwNewLong=459335) returned 0x0 [0116.035] lstrcpynA (in: lpString1=0x42dbc0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.035] lstrlenA (lpString="") returned 0 [0116.035] lstrcpynA (in: lpString1=0x40a440, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.035] lstrcpynA (in: lpString1=0x40a840, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.035] lstrcmpiA (lpString1="", lpString2="") returned 0 [0116.035] lstrcpynA (in: lpString1=0x42dbc0, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.035] lstrlenA (lpString="") returned 0 [0116.036] lstrcpynA (in: lpString1=0x54824c, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.036] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0116.036] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0116.036] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0116.036] GetTickCount () returned 0xeb2dbf [0116.036] GetTempFileNameA (in: lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpPrefixString="nsb", uUnique=0x0, lpTempFileName=0x42f000 | out: lpTempFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsb2dc0.tmp")) returned 0x2dc0 [0116.038] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.038] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.038] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.038] lstrcpynA (in: lpString1=0x42b4a8, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.038] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.038] FindFirstFileA (in: lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", lpFindFileData=0x42c0f0 | out: lpFindFileData=0x42c0f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58b73313, ftCreationTime.dwHighDateTime=0x1d7b47e, ftLastAccessTime.dwLowDateTime=0x58b73313, ftLastAccessTime.dwHighDateTime=0x1d7b47e, ftLastWriteTime.dwLowDateTime=0x58b73313, ftLastWriteTime.dwHighDateTime=0x1d7b47e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6f004c, dwReserved1=0x610063, cFileName="nsb2DC0.tmp", cAlternateFileName="")) returned 0x5360e8 [0116.038] FindClose (in: hFindFile=0x5360e8 | out: hFindFile=0x5360e8) returned 1 [0116.039] DeleteFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsb2dc0.tmp")) returned 1 [0116.039] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.039] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.039] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.039] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0116.040] GetLastError () returned 0xb7 [0116.040] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0116.040] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0116.040] GetLastError () returned 0xb7 [0116.040] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0116.040] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0116.040] GetLastError () returned 0xb7 [0116.040] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0116.040] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0116.040] GetLastError () returned 0xb7 [0116.041] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0116.041] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0116.041] GetLastError () returned 0xb7 [0116.041] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0116.041] GetModuleHandleA (lpModuleName="SHELL32") returned 0x76370000 [0116.051] GetProcAddress (hModule=0x76370000, lpProcName=0x2a8) returned 0x7661db90 [0116.051] IsUserAnAdmin () returned 1 [0116.051] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsb2dc0.tmp"), lpSecurityAttributes=0x19f5c0) returned 1 [0116.052] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.052] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.052] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.052] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.052] lstrcpynA (in: lpString1=0x435800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.052] lstrcpynA (in: lpString1=0x42f000, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.052] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0116.053] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0116.053] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0116.053] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0116.053] GetLastError () returned 0xb7 [0116.053] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0116.053] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx"), lpSecurityAttributes=0x0) returned 0 [0116.053] GetLastError () returned 0xb7 [0116.053] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1" (normalized: "c:\\users\\rdhj0cnfevzx")) returned 0x10 [0116.053] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), lpSecurityAttributes=0x0) returned 0 [0116.054] GetLastError () returned 0xb7 [0116.054] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata")) returned 0x12 [0116.054] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0116.054] GetLastError () returned 0xb7 [0116.054] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local")) returned 0x10 [0116.054] CreateDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0116.054] GetLastError () returned 0xb7 [0116.054] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 0x10 [0116.054] lstrcpynA (in: lpString1=0x434800, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0116.054] SetCurrentDirectoryA (lpPathName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp")) returned 1 [0116.055] lstrcpynA (in: lpString1=0x40a840, lpString2="trhfchm3wzuw7", iMaxLength=1024 | out: lpString1="trhfchm3wzuw7") returned="trhfchm3wzuw7" [0116.055] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp" [0116.055] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp") returned 36 [0116.055] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" [0116.055] lstrcatA (in: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", lpString2="trhfchm3wzuw7" | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7" [0116.055] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\trhfchm3wzuw7")) returned 0xffffffff [0116.055] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\trhfchm3wzuw7")) returned 0xffffffff [0116.055] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\trhfchm3wzuw7"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0116.056] SetFilePointer (in: hFile=0x204, lDistanceToMove=56115, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xdb33 [0116.056] ReadFile (in: hFile=0x204, lpBuffer=0x19f798, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x19f798*, lpNumberOfBytesRead=0x19f71c*=0x4, lpOverlapped=0x0) returned 1 [0116.056] GetTickCount () returned 0xeb2dcf [0116.056] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.057] GetTickCount () returned 0xeb2dcf [0116.057] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4176, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4176, lpOverlapped=0x0) returned 1 [0116.059] GetTickCount () returned 0xeb2dcf [0116.059] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.060] GetTickCount () returned 0xeb2dcf [0116.060] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4166, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4166, lpOverlapped=0x0) returned 1 [0116.061] GetTickCount () returned 0xeb2dcf [0116.061] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.061] GetTickCount () returned 0xeb2dcf [0116.062] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x45d0, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x45d0, lpOverlapped=0x0) returned 1 [0116.062] GetTickCount () returned 0xeb2dcf [0116.062] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.063] GetTickCount () returned 0xeb2ddf [0116.063] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x5505, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x5505, lpOverlapped=0x0) returned 1 [0116.132] GetTickCount () returned 0xeb2e1d [0116.132] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.132] GetTickCount () returned 0xeb2e1d [0116.132] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x452d, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x452d, lpOverlapped=0x0) returned 1 [0116.133] GetTickCount () returned 0xeb2e1d [0116.133] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.134] GetTickCount () returned 0xeb2e1d [0116.134] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4656, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4656, lpOverlapped=0x0) returned 1 [0116.134] GetTickCount () returned 0xeb2e1d [0116.134] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.134] GetTickCount () returned 0xeb2e1d [0116.134] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4b15, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4b15, lpOverlapped=0x0) returned 1 [0116.135] GetTickCount () returned 0xeb2e1d [0116.135] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.135] GetTickCount () returned 0xeb2e1d [0116.135] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x45a4, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x45a4, lpOverlapped=0x0) returned 1 [0116.136] GetTickCount () returned 0xeb2e1d [0116.136] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.136] GetTickCount () returned 0xeb2e1d [0116.136] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x406a, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x406a, lpOverlapped=0x0) returned 1 [0116.137] GetTickCount () returned 0xeb2e1d [0116.137] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.137] GetTickCount () returned 0xeb2e1d [0116.137] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x47ed, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x47ed, lpOverlapped=0x0) returned 1 [0116.138] GetTickCount () returned 0xeb2e1d [0116.138] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.138] GetTickCount () returned 0xeb2e1d [0116.138] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4e24, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4e24, lpOverlapped=0x0) returned 1 [0116.139] GetTickCount () returned 0xeb2e1d [0116.139] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.139] GetTickCount () returned 0xeb2e1d [0116.139] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x3fb9, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x3fb9, lpOverlapped=0x0) returned 1 [0116.139] GetTickCount () returned 0xeb2e1d [0116.139] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.139] GetTickCount () returned 0xeb2e1d [0116.139] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4000, lpOverlapped=0x0) returned 1 [0116.140] GetTickCount () returned 0xeb2e1d [0116.140] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.140] GetTickCount () returned 0xeb2e1d [0116.140] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x3ffd, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x3ffd, lpOverlapped=0x0) returned 1 [0116.140] GetTickCount () returned 0xeb2e1d [0116.140] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.140] GetTickCount () returned 0xeb2e1d [0116.140] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x4000, lpOverlapped=0x0) returned 1 [0116.142] GetTickCount () returned 0xeb2e2d [0116.142] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.142] GetTickCount () returned 0xeb2e2d [0116.142] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x3fd4, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x3fd4, lpOverlapped=0x0) returned 1 [0116.143] GetTickCount () returned 0xeb2e2d [0116.143] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x1fd3, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x1fd3, lpOverlapped=0x0) returned 1 [0116.143] GetTickCount () returned 0xeb2e2d [0116.143] MulDiv (nNumber=270291, nNumerator=100, nDenominator=270291) returned 100 [0116.143] wsprintfA (in: param_1=0x19f72c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0116.143] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x200d, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x200d, lpOverlapped=0x0) returned 1 [0116.143] SetFileTime (hFile=0x28, lpCreationTime=0x19f928, lpLastAccessTime=0x0, lpLastWriteTime=0x19f928) returned 1 [0116.144] CloseHandle (hObject=0x28) returned 1 [0116.153] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.153] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.153] lstrcpynA (in: lpString1=0x40a440, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.154] lstrcpynA (in: lpString1=0x40a840, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0116.154] lstrcmpiA (lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", lpString2="") returned 1 [0116.154] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.154] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.154] lstrcpynA (in: lpString1=0x40a840, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll" [0116.154] lstrcpynA (in: lpString1=0x409c40, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll" [0116.154] GetFileAttributesA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsb2dc0.tmp\\tkwj.dll")) returned 0xffffffff [0116.154] CreateFileA (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\nsb2dc0.tmp\\tkwj.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x28 [0116.155] SetFilePointer (in: hFile=0x204, lDistanceToMove=326410, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x4fb0a [0116.155] ReadFile (in: hFile=0x204, lpBuffer=0x19f798, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x19f798*, lpNumberOfBytesRead=0x19f71c*=0x4, lpOverlapped=0x0) returned 1 [0116.155] GetTickCount () returned 0xeb2e2d [0116.155] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x4000, lpOverlapped=0x0) returned 1 [0116.156] GetTickCount () returned 0xeb2e2d [0116.156] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x8000, lpOverlapped=0x0) returned 1 [0116.158] GetTickCount () returned 0xeb2e3c [0116.158] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0x31bc, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0x31bc, lpOverlapped=0x0) returned 1 [0116.158] GetTickCount () returned 0xeb2e3c [0116.158] ReadFile (in: hFile=0x204, lpBuffer=0x414c48, nNumberOfBytesToRead=0x7f7, lpNumberOfBytesRead=0x19f71c, lpOverlapped=0x0 | out: lpBuffer=0x414c48*, lpNumberOfBytesRead=0x19f71c*=0x7f7, lpOverlapped=0x0) returned 1 [0116.158] GetTickCount () returned 0xeb2e3c [0116.158] MulDiv (nNumber=18423, nNumerator=100, nDenominator=18423) returned 100 [0116.159] wsprintfA (in: param_1=0x19f72c, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0116.159] WriteFile (in: hFile=0x28, lpBuffer=0x418c48*, nNumberOfBytesToWrite=0xc44, lpNumberOfBytesWritten=0x19f770, lpOverlapped=0x0 | out: lpBuffer=0x418c48*, lpNumberOfBytesWritten=0x19f770*=0xc44, lpOverlapped=0x0) returned 1 [0116.159] CloseHandle (hObject=0x28) returned 1 [0116.161] lstrcpynA (in: lpString1=0x42dbc0, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp" [0116.161] lstrlenA (lpString="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp") returned 48 [0116.161] lstrcpynA (in: lpString1=0x40a040, lpString2="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll", iMaxLength=1024 | out: lpString1="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll") returned="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll" [0116.162] lstrcpynA (in: lpString1=0x409c40, lpString2="TclpOwkq", iMaxLength=1024 | out: lpString1="TclpOwkq") returned="TclpOwkq" [0116.162] GetModuleHandleA (lpModuleName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll") returned 0x0 [0116.165] LoadLibraryExA (lpLibFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\nsb2DC0.tmp\\tkwj.dll", hFile=0x0, dwFlags=0x8) returned 0x6d400000 [0118.161] GetProcAddress (hModule=0x6d400000, lpProcName="TclpOwkq") returned 0x6d407500 [0118.161] VirtualAlloc (lpAddress=0x0, dwSize=0xbebc200, flAllocationType=0x3000, flProtect=0x4) returned 0x2850000 [0123.784] EnumResourceTypesA (hModule=0x0, lpEnumFunc=0x6d40b070, lParam=0x0) [0123.786] LoadLibraryW (lpLibFileName="Shlwapi.dll") returned 0x75790000 [0123.787] GetTempPathW (in: nBufferLength=0x103, lpBuffer=0x19f1cc | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25 [0123.788] PathAppendW (in: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\", pMore="trhfchm3wzuw7" | out: pszPath="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7") returned 1 [0123.788] CreateFileW (lpFileName="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\trhfchm3wzuw7" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\trhfchm3wzuw7"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0123.789] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x46fff [0123.790] VirtualAlloc (lpAddress=0x0, dwSize=0x46fff, flAllocationType=0x3000, flProtect=0x4) returned 0xe710000 [0123.790] ReadFile (in: hFile=0x25c, lpBuffer=0xe710000, nNumberOfBytesToRead=0x46fff, lpNumberOfBytesRead=0x19f5dc, lpOverlapped=0x0 | out: lpBuffer=0xe710000*, lpNumberOfBytesRead=0x19f5dc*=0x46fff, lpOverlapped=0x0) returned 1 [0123.798] CloseHandle (hObject=0x25c) returned 1 [0123.849] LoadLibraryW (lpLibFileName="ntdll.dll") returned 0x778f0000 [0123.849] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19ecd0, nSize=0x103 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x32 [0123.850] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19e54c, nSize=0x103 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x32 [0123.850] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " [0123.850] CreateProcessW (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19ec28*(cb=0x0, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ec8c | out: lpCommandLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" ", lpProcessInformation=0x19ec8c*(hProcess=0x260, hThread=0x25c, dwProcessId=0xc1c, dwThreadId=0xe9c)) returned 1 [0123.874] GetThreadContext (in: hThread=0x25c, lpContext=0x19e95c | out: lpContext=0x19e95c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x1a0001, FloatSave.RegisterArea=([0]=0xb0, [1]=0xea, [2]=0x19, [3]=0x0, [4]=0x14, [5]=0x17, [6]=0x1a, [7]=0x0, [8]=0x8, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x4, [13]=0xea, [14]=0x1, [15]=0x1, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x28, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x44, [49]=0xeb, [50]=0x19, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0xee, [57]=0xc2, [58]=0x96, [59]=0x77, [60]=0x2c, [61]=0xea, [62]=0x19, [63]=0x0, [64]=0xfc, [65]=0x0, [66]=0x1a, [67]=0x0, [68]=0x9, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x1a, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x522e88, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2a7000, Edx=0x0, Ecx=0x0, Eax=0x40312a, Ebp=0x0, Eip=0x77968fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x10, [1]=0xec, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x50, [17]=0xea, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x92, [23]=0x77, [24]=0xd8, [25]=0xea, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0xa0, [41]=0xea, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x92, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x92, [55]=0x77, [56]=0xc3, [57]=0x3, [58]=0x51, [59]=0xc4, [60]=0x18, [61]=0xec, [62]=0x19, [63]=0x0, [64]=0xa8, [65]=0xec, [66]=0x19, [67]=0x0, [68]=0x10, [69]=0xec, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xb4, [77]=0xeb, [78]=0x19, [79]=0x0, [80]=0xd8, [81]=0xea, [82]=0x19, [83]=0x0, [84]=0x18, [85]=0xec, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x60, [97]=0xea, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x1c, [105]=0xf7, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x96, [111]=0x77, [112]=0x4b, [113]=0xc8, [114]=0xd6, [115]=0xb3, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x92, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x93, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x10, [145]=0xec, [146]=0x19, [147]=0x0, [148]=0xd4, [149]=0xea, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0xa8, [157]=0xec, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x93, [163]=0x77, [164]=0x8c, [165]=0xeb, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xe0, [181]=0xea, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x2, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xe4, [273]=0xeb, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0x24, [285]=0xf6, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xe0, [293]=0xeb, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x10, [305]=0x0, [306]=0x8, [307]=0x2, [308]=0xe8, [309]=0xf1, [310]=0x19, [311]=0x0, [312]=0x2, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0xf8, [317]=0xeb, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x80, [325]=0xeb, [326]=0x19, [327]=0x0, [328]=0x80, [329]=0xeb, [330]=0x19, [331]=0x0, [332]=0x80, [333]=0xeb, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x2, [347]=0x0, [348]=0xef, [349]=0x2, [350]=0x51, [351]=0xc4, [352]=0x4, [353]=0xed, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x92, [363]=0x77, [364]=0x2c, [365]=0xec, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0xa0, [377]=0xf1, [378]=0x19, [379]=0x0, [380]=0x24, [381]=0xf6, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x92, [387]=0x77, [388]=0x44, [389]=0xec, [390]=0x19, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0x24, [401]=0xf6, [402]=0x19, [403]=0x0, [404]=0xe8, [405]=0xf1, [406]=0x19, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x92, [411]=0x77, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0xe8, [425]=0xf1, [426]=0x19, [427]=0x0, [428]=0x68, [429]=0xf1, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x92, [435]=0x77, [436]=0x18, [437]=0xec, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0xaf, [445]=0x3, [446]=0x51, [447]=0xc4, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x70, [453]=0xec, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x93, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x93, [483]=0x77, [484]=0x20, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x88, [489]=0x2e, [490]=0x52, [491]=0x0, [492]=0x9c, [493]=0xec, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x68, [509]=0xf1, [510]=0x19, [511]=0x0))) returned 1 [0123.878] ReadProcessMemory (in: hProcess=0x260, lpBaseAddress=0x2a7008, lpBuffer=0x19eca0, nSize=0x4, lpNumberOfBytesRead=0x0 | out: lpBuffer=0x19eca0*, lpNumberOfBytesRead=0x0) returned 1 [0123.878] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e514 | out: Wow64Process=0x19e514*=1) returned 1 [0123.878] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0123.879] lstrlenW (lpString="ntdll.dll") returned 9 [0123.879] lstrlenW (lpString="ntdll.dll") returned 9 [0123.879] lstrlenW (lpString="ntdll.dll") returned 9 [0123.879] lstrlenW (lpString="ntdll.dll") returned 9 [0123.879] lstrlenW (lpString="tdll.dll") returned 8 [0123.879] lstrlenW (lpString="dll.dll") returned 7 [0123.879] lstrlenW (lpString="ll.dll") returned 6 [0123.879] lstrlenW (lpString="l.dll") returned 5 [0123.879] lstrlenW (lpString=".dll") returned 4 [0123.879] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0123.879] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0123.879] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0123.880] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4e8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4e8*=0x1784a0, lpOverlapped=0x0) returned 1 [0123.941] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0123.983] CloseHandle (hObject=0x268) returned 1 [0123.992] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.005] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.021] NtUnmapViewOfSection (ProcessHandle=0x260, BaseAddress=0x400000) returned 0x0 [0124.024] VirtualAllocEx (hProcess=0x260, lpAddress=0x400000, dwSize=0x4b000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0124.036] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0124.037] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0124.037] lstrlenW (lpString="ntdll.dll") returned 9 [0124.037] lstrlenW (lpString="ntdll.dll") returned 9 [0124.037] lstrlenW (lpString="ntdll.dll") returned 9 [0124.037] lstrlenW (lpString="ntdll.dll") returned 9 [0124.037] lstrlenW (lpString="tdll.dll") returned 8 [0124.037] lstrlenW (lpString="dll.dll") returned 7 [0124.037] lstrlenW (lpString="ll.dll") returned 6 [0124.037] lstrlenW (lpString="l.dll") returned 5 [0124.037] lstrlenW (lpString=".dll") returned 4 [0124.037] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0124.038] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.038] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0124.038] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.078] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0124.132] CloseHandle (hObject=0x268) returned 1 [0124.133] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.148] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.160] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x400000, Buffer=0xe710000*, NumberOfBytesToWrite=0x400, NumberOfBytesWritten=0x19e518 | out: Buffer=0xe710000*, NumberOfBytesWritten=0x19e518*=0x400) returned 0x0 [0124.172] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0124.172] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0124.172] lstrlenW (lpString="ntdll.dll") returned 9 [0124.172] lstrlenW (lpString="ntdll.dll") returned 9 [0124.172] lstrlenW (lpString="ntdll.dll") returned 9 [0124.172] lstrlenW (lpString="ntdll.dll") returned 9 [0124.172] lstrlenW (lpString="tdll.dll") returned 8 [0124.173] lstrlenW (lpString="dll.dll") returned 7 [0124.173] lstrlenW (lpString="ll.dll") returned 6 [0124.173] lstrlenW (lpString="l.dll") returned 5 [0124.173] lstrlenW (lpString=".dll") returned 4 [0124.173] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0124.173] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.173] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0124.174] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.208] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0124.459] CloseHandle (hObject=0x268) returned 1 [0124.460] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.478] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.488] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x401000, Buffer=0xe710400*, NumberOfBytesToWrite=0xac00, NumberOfBytesWritten=0x19e518 | out: Buffer=0xe710400*, NumberOfBytesWritten=0x19e518*=0xac00) returned 0x0 [0124.509] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0124.509] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0124.509] lstrlenW (lpString="ntdll.dll") returned 9 [0124.509] lstrlenW (lpString="ntdll.dll") returned 9 [0124.509] lstrlenW (lpString="ntdll.dll") returned 9 [0124.509] lstrlenW (lpString="ntdll.dll") returned 9 [0124.509] lstrlenW (lpString="tdll.dll") returned 8 [0124.509] lstrlenW (lpString="dll.dll") returned 7 [0124.510] lstrlenW (lpString="ll.dll") returned 6 [0124.510] lstrlenW (lpString="l.dll") returned 5 [0124.510] lstrlenW (lpString=".dll") returned 4 [0124.510] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0124.510] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.510] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0124.511] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.549] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0124.591] CloseHandle (hObject=0x268) returned 1 [0124.592] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.665] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.677] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x40c000, Buffer=0xe71b000*, NumberOfBytesToWrite=0x5a00, NumberOfBytesWritten=0x19e518 | out: Buffer=0xe71b000*, NumberOfBytesWritten=0x19e518*=0x5a00) returned 0x0 [0124.793] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0124.793] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0124.793] lstrlenW (lpString="ntdll.dll") returned 9 [0124.794] lstrlenW (lpString="ntdll.dll") returned 9 [0124.794] lstrlenW (lpString="ntdll.dll") returned 9 [0124.794] lstrlenW (lpString="ntdll.dll") returned 9 [0124.794] lstrlenW (lpString="tdll.dll") returned 8 [0124.794] lstrlenW (lpString="dll.dll") returned 7 [0124.794] lstrlenW (lpString="ll.dll") returned 6 [0124.794] lstrlenW (lpString="l.dll") returned 5 [0124.794] lstrlenW (lpString=".dll") returned 4 [0124.794] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0124.794] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.794] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0124.795] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.823] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0124.864] CloseHandle (hObject=0x268) returned 1 [0124.864] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.876] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.895] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x412000, Buffer=0xe720a00*, NumberOfBytesToWrite=0x800, NumberOfBytesWritten=0x19e518 | out: Buffer=0xe720a00*, NumberOfBytesWritten=0x19e518*=0x800) returned 0x0 [0124.908] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0124.909] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0124.909] lstrlenW (lpString="ntdll.dll") returned 9 [0124.909] lstrlenW (lpString="ntdll.dll") returned 9 [0124.909] lstrlenW (lpString="ntdll.dll") returned 9 [0124.909] lstrlenW (lpString="ntdll.dll") returned 9 [0124.909] lstrlenW (lpString="tdll.dll") returned 8 [0124.909] lstrlenW (lpString="dll.dll") returned 7 [0124.909] lstrlenW (lpString="ll.dll") returned 6 [0124.909] lstrlenW (lpString="l.dll") returned 5 [0124.909] lstrlenW (lpString=".dll") returned 4 [0124.909] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0124.910] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0124.910] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0124.910] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0124.937] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0124.968] CloseHandle (hObject=0x268) returned 1 [0124.968] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.977] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0124.985] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x414000, Buffer=0xe721200*, NumberOfBytesToWrite=0x200, NumberOfBytesWritten=0x19e518 | out: Buffer=0xe721200*, NumberOfBytesWritten=0x19e518*=0x200) returned 0x0 [0125.086] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0125.086] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0125.086] lstrlenW (lpString="ntdll.dll") returned 9 [0125.086] lstrlenW (lpString="ntdll.dll") returned 9 [0125.086] lstrlenW (lpString="ntdll.dll") returned 9 [0125.086] lstrlenW (lpString="ntdll.dll") returned 9 [0125.086] lstrlenW (lpString="tdll.dll") returned 8 [0125.086] lstrlenW (lpString="dll.dll") returned 7 [0125.086] lstrlenW (lpString="ll.dll") returned 6 [0125.086] lstrlenW (lpString="l.dll") returned 5 [0125.086] lstrlenW (lpString=".dll") returned 4 [0125.086] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0125.087] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0125.087] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0125.087] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0125.133] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0125.166] CloseHandle (hObject=0x268) returned 1 [0125.166] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.180] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.192] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x415000, Buffer=0xe721400*, NumberOfBytesToWrite=0x35c00, NumberOfBytesWritten=0x19e518 | out: Buffer=0xe721400*, NumberOfBytesWritten=0x19e518*=0x35c00) returned 0x0 [0125.222] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e4e4 | out: Wow64Process=0x19e4e4*=1) returned 1 [0125.222] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0125.223] lstrlenW (lpString="ntdll.dll") returned 9 [0125.223] lstrlenW (lpString="ntdll.dll") returned 9 [0125.223] lstrlenW (lpString="ntdll.dll") returned 9 [0125.223] lstrlenW (lpString="ntdll.dll") returned 9 [0125.223] lstrlenW (lpString="tdll.dll") returned 8 [0125.223] lstrlenW (lpString="dll.dll") returned 7 [0125.223] lstrlenW (lpString="ll.dll") returned 6 [0125.223] lstrlenW (lpString="l.dll") returned 5 [0125.223] lstrlenW (lpString=".dll") returned 4 [0125.223] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0125.223] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0125.223] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0125.224] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4b8, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4b8*=0x1784a0, lpOverlapped=0x0) returned 1 [0125.254] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0125.291] CloseHandle (hObject=0x268) returned 1 [0125.291] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.299] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.308] NtWriteVirtualMemory (in: ProcessHandle=0x260, BaseAddress=0x2a7008, Buffer=0x19ecb4*, NumberOfBytesToWrite=0x4, NumberOfBytesWritten=0x19e518 | out: Buffer=0x19ecb4*, NumberOfBytesWritten=0x19e518*=0x4) returned 0x0 [0125.309] SetThreadContext (hThread=0x25c, lpContext=0x19e95c*(ContextFlags=0x10007, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x1a0001, FloatSave.RegisterArea=([0]=0xb0, [1]=0xea, [2]=0x19, [3]=0x0, [4]=0x14, [5]=0x17, [6]=0x1a, [7]=0x0, [8]=0x8, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x4, [13]=0xea, [14]=0x1, [15]=0x1, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x25, [33]=0x2, [34]=0x0, [35]=0xc0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x28, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x44, [49]=0xeb, [50]=0x19, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0xee, [57]=0xc2, [58]=0x96, [59]=0x77, [60]=0x2c, [61]=0xea, [62]=0x19, [63]=0x0, [64]=0xfc, [65]=0x0, [66]=0x1a, [67]=0x0, [68]=0x9, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x1a, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x522e88, SegGs=0x2b, SegFs=0x53, SegEs=0x2b, SegDs=0x2b, Edi=0x0, Esi=0x0, Ebx=0x2a7000, Edx=0x0, Ecx=0x0, Eax=0x40188b, Ebp=0x0, Eip=0x77968fe0, SegCs=0x23, EFlags=0x202, Esp=0x19fff0, SegSs=0x2b, ExtendedRegisters=([0]=0x10, [1]=0xec, [2]=0x19, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x25, [9]=0x2, [10]=0x0, [11]=0xc0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x50, [17]=0xea, [18]=0x19, [19]=0x0, [20]=0x2b, [21]=0xba, [22]=0x92, [23]=0x77, [24]=0xd8, [25]=0xea, [26]=0x19, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x9, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0xa0, [41]=0xea, [42]=0x19, [43]=0x0, [44]=0x33, [45]=0xb8, [46]=0x92, [47]=0x77, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x59, [53]=0xb8, [54]=0x92, [55]=0x77, [56]=0xc3, [57]=0x3, [58]=0x51, [59]=0xc4, [60]=0x18, [61]=0xec, [62]=0x19, [63]=0x0, [64]=0xa8, [65]=0xec, [66]=0x19, [67]=0x0, [68]=0x10, [69]=0xec, [70]=0x19, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0xb4, [77]=0xeb, [78]=0x19, [79]=0x0, [80]=0xd8, [81]=0xea, [82]=0x19, [83]=0x0, [84]=0x18, [85]=0xec, [86]=0x19, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x60, [97]=0xea, [98]=0x19, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x1c, [105]=0xf7, [106]=0x19, [107]=0x0, [108]=0x30, [109]=0xee, [110]=0x96, [111]=0x77, [112]=0x4b, [113]=0xc8, [114]=0xd6, [115]=0xb3, [116]=0xfe, [117]=0xff, [118]=0xff, [119]=0xff, [120]=0x59, [121]=0xb8, [122]=0x92, [123]=0x77, [124]=0x9e, [125]=0x1, [126]=0x93, [127]=0x77, [128]=0x20, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x4, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x10, [145]=0xec, [146]=0x19, [147]=0x0, [148]=0xd4, [149]=0xea, [150]=0x19, [151]=0x0, [152]=0x1, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0xa8, [157]=0xec, [158]=0x19, [159]=0x0, [160]=0xc0, [161]=0x1, [162]=0x93, [163]=0x77, [164]=0x8c, [165]=0xeb, [166]=0x19, [167]=0x0, [168]=0x20, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x12, [177]=0x0, [178]=0x0, [179]=0x1, [180]=0xe0, [181]=0xea, [182]=0x19, [183]=0x0, [184]=0x6e, [185]=0x0, [186]=0x74, [187]=0x0, [188]=0x64, [189]=0x0, [190]=0x6c, [191]=0x0, [192]=0x6c, [193]=0x0, [194]=0x2e, [195]=0x0, [196]=0x64, [197]=0x0, [198]=0x6c, [199]=0x0, [200]=0x6c, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x2, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x40, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0xe4, [273]=0xeb, [274]=0x19, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x16, [281]=0x0, [282]=0x18, [283]=0x0, [284]=0x24, [285]=0xf6, [286]=0x19, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0xe0, [293]=0xeb, [294]=0x19, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x10, [305]=0x0, [306]=0x8, [307]=0x2, [308]=0xe8, [309]=0xf1, [310]=0x19, [311]=0x0, [312]=0x2, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0xf8, [317]=0xeb, [318]=0x19, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x2, [323]=0x0, [324]=0x80, [325]=0xeb, [326]=0x19, [327]=0x0, [328]=0x80, [329]=0xeb, [330]=0x19, [331]=0x0, [332]=0x80, [333]=0xeb, [334]=0x19, [335]=0x0, [336]=0x2, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x2, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x2, [347]=0x0, [348]=0xef, [349]=0x2, [350]=0x51, [351]=0xc4, [352]=0x4, [353]=0xed, [354]=0x19, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0xb5, [361]=0x93, [362]=0x92, [363]=0x77, [364]=0x2c, [365]=0xec, [366]=0x19, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x2c, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0xa0, [377]=0xf1, [378]=0x19, [379]=0x0, [380]=0x24, [381]=0xf6, [382]=0x19, [383]=0x0, [384]=0x30, [385]=0x94, [386]=0x92, [387]=0x77, [388]=0x44, [389]=0xec, [390]=0x19, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x1, [396]=0x16, [397]=0x0, [398]=0x18, [399]=0x0, [400]=0x24, [401]=0xf6, [402]=0x19, [403]=0x0, [404]=0xe8, [405]=0xf1, [406]=0x19, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x92, [411]=0x77, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0xe8, [425]=0xf1, [426]=0x19, [427]=0x0, [428]=0x68, [429]=0xf1, [430]=0x19, [431]=0x0, [432]=0x9c, [433]=0xb7, [434]=0x92, [435]=0x77, [436]=0x18, [437]=0xec, [438]=0x19, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0xaf, [445]=0x3, [446]=0x51, [447]=0xc4, [448]=0x1, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x70, [453]=0xec, [454]=0x19, [455]=0x0, [456]=0x1, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0xcd, [469]=0x35, [470]=0x93, [471]=0x77, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x9, [481]=0x36, [482]=0x93, [483]=0x77, [484]=0x20, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x88, [489]=0x2e, [490]=0x52, [491]=0x0, [492]=0x9c, [493]=0xec, [494]=0x19, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x68, [509]=0xf1, [510]=0x19, [511]=0x0))) returned 1 [0125.312] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x19e50c | out: Wow64Process=0x19e50c*=1) returned 1 [0125.312] lstrlenW (lpString="RFQ Document.bin.exe") returned 20 [0125.312] lstrlenW (lpString="ntdll.dll") returned 9 [0125.312] lstrlenW (lpString="ntdll.dll") returned 9 [0125.312] lstrlenW (lpString="ntdll.dll") returned 9 [0125.312] lstrlenW (lpString="ntdll.dll") returned 9 [0125.312] lstrlenW (lpString="tdll.dll") returned 8 [0125.312] lstrlenW (lpString="dll.dll") returned 7 [0125.312] lstrlenW (lpString="ll.dll") returned 6 [0125.313] lstrlenW (lpString="l.dll") returned 5 [0125.313] lstrlenW (lpString=".dll") returned 4 [0125.313] CreateFileW (lpFileName="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0125.313] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1784a0 [0125.313] VirtualAlloc (lpAddress=0x0, dwSize=0x1784a0, flAllocationType=0x3000, flProtect=0x4) returned 0xe760000 [0125.313] ReadFile (in: hFile=0x268, lpBuffer=0xe760000, nNumberOfBytesToRead=0x1784a0, lpNumberOfBytesRead=0x19e4e0, lpOverlapped=0x0 | out: lpBuffer=0xe760000*, lpNumberOfBytesRead=0x19e4e0*=0x1784a0, lpOverlapped=0x0) returned 1 [0125.335] VirtualAlloc (lpAddress=0x0, dwSize=0x17b000, flAllocationType=0x3000, flProtect=0x4) returned 0xe8e0000 [0125.368] CloseHandle (hObject=0x268) returned 1 [0125.368] VirtualFree (lpAddress=0xe760000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.375] VirtualFree (lpAddress=0xe8e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.390] NtResumeThread (in: ThreadHandle=0x25c, SuspendCount=0x19e528 | out: SuspendCount=0x19e528*=0x1) returned 0x0 [0125.765] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0xab0 Thread: id = 3 os_tid = 0x2d8 Thread: id = 4 os_tid = 0xc10 Thread: id = 5 os_tid = 0x758 Thread: id = 6 os_tid = 0x7a4 Process: id = "2" image_name = "rfq document.bin.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe" page_root = "0x78e1a000" os_pid = "0xc1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x1378" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " cur_dir = "C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f142" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 369 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 370 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 371 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 372 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 373 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 374 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 375 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 376 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 377 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 378 start_va = 0x400000 end_va = 0x43bfff monitored = 1 entry_point = 0x40312a region_type = mapped_file name = "rfq document.bin.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe") Region: id = 379 start_va = 0x778f0000 end_va = 0x77a6afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 380 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 381 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 382 start_va = 0x7fff0000 end_va = 0x7ffb28afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 383 start_va = 0x7ffb28b00000 end_va = 0x7ffb28cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 384 start_va = 0x7ffb28cc1000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb28cc1000" filename = "" Region: id = 387 start_va = 0x400000 end_va = 0x44afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 404 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 405 start_va = 0x657b0000 end_va = 0x65829fff monitored = 0 entry_point = 0x657c3290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 406 start_va = 0x65840000 end_va = 0x6588ffff monitored = 0 entry_point = 0x65858180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 407 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 408 start_va = 0x65830000 end_va = 0x65837fff monitored = 0 entry_point = 0x658317c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 409 start_va = 0x4b0000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 410 start_va = 0x74650000 end_va = 0x7472ffff monitored = 0 entry_point = 0x74663980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 411 start_va = 0x75e80000 end_va = 0x75ffdfff monitored = 0 entry_point = 0x75f31b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 412 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 413 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 414 start_va = 0x4b0000 end_va = 0x56dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 415 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 416 start_va = 0x76370000 end_va = 0x7776efff monitored = 0 entry_point = 0x7652b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 417 start_va = 0x75680000 end_va = 0x7573dfff monitored = 0 entry_point = 0x756b5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 418 start_va = 0x450000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 419 start_va = 0x570000 end_va = 0x66ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 420 start_va = 0x75300000 end_va = 0x75336fff monitored = 0 entry_point = 0x75303b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 421 start_va = 0x74c60000 end_va = 0x75158fff monitored = 0 entry_point = 0x74e67610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 422 start_va = 0x754b0000 end_va = 0x7566cfff monitored = 0 entry_point = 0x75592a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 423 start_va = 0x74b50000 end_va = 0x74bfcfff monitored = 0 entry_point = 0x74b64f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 424 start_va = 0x74620000 end_va = 0x7463dfff monitored = 0 entry_point = 0x7462b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 425 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 426 start_va = 0x74610000 end_va = 0x74619fff monitored = 0 entry_point = 0x74612a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 427 start_va = 0x74730000 end_va = 0x74787fff monitored = 0 entry_point = 0x747725c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 428 start_va = 0x75740000 end_va = 0x75783fff monitored = 0 entry_point = 0x75759d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 429 start_va = 0x77820000 end_va = 0x7789afff monitored = 0 entry_point = 0x7783e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 430 start_va = 0x75790000 end_va = 0x757d4fff monitored = 0 entry_point = 0x757ade90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 431 start_va = 0x758f0000 end_va = 0x75a3efff monitored = 0 entry_point = 0x759a6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 432 start_va = 0x74790000 end_va = 0x748d6fff monitored = 0 entry_point = 0x747a1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 433 start_va = 0x757e0000 end_va = 0x757ebfff monitored = 0 entry_point = 0x757e3930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 434 start_va = 0x748e0000 end_va = 0x7496cfff monitored = 0 entry_point = 0x74929b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 435 start_va = 0x77770000 end_va = 0x777b3fff monitored = 0 entry_point = 0x77777410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 436 start_va = 0x757f0000 end_va = 0x757fefff monitored = 0 entry_point = 0x757f2e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 437 start_va = 0x75160000 end_va = 0x7524afff monitored = 0 entry_point = 0x7519d650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 438 start_va = 0x76150000 end_va = 0x761e1fff monitored = 0 entry_point = 0x76188cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 439 start_va = 0x6c820000 end_va = 0x6c878fff monitored = 1 entry_point = 0x6c830780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 440 start_va = 0x770000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 441 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 442 start_va = 0x770000 end_va = 0x8f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 443 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 444 start_va = 0x75e50000 end_va = 0x75e7afff monitored = 0 entry_point = 0x75e55680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 445 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 446 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 447 start_va = 0x940000 end_va = 0xac0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 448 start_va = 0xad0000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 449 start_va = 0x1ed0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 450 start_va = 0x6c7a0000 end_va = 0x6c818fff monitored = 1 entry_point = 0x6c7af82a region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 451 start_va = 0x6c0e0000 end_va = 0x6c790fff monitored = 1 entry_point = 0x6c0f5d20 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 452 start_va = 0x6d330000 end_va = 0x6d424fff monitored = 0 entry_point = 0x6d384160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 453 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 454 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 455 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 456 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 457 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 458 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 459 start_va = 0x1ed0000 end_va = 0x1edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ed0000" filename = "" Region: id = 460 start_va = 0x1fa0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fa0000" filename = "" Region: id = 461 start_va = 0x1ee0000 end_va = 0x1ee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ee0000" filename = "" Region: id = 462 start_va = 0x1ef0000 end_va = 0x1ef0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ef0000" filename = "" Region: id = 463 start_va = 0x1f00000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 464 start_va = 0x1fb0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 465 start_va = 0x1f00000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 466 start_va = 0x1f70000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 467 start_va = 0x1fb0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fb0000" filename = "" Region: id = 468 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 469 start_va = 0x1f40000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 470 start_va = 0x2160000 end_va = 0x415ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 471 start_va = 0x20b0000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 472 start_va = 0x4160000 end_va = 0x419ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004160000" filename = "" Region: id = 473 start_va = 0x41a0000 end_va = 0x429ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041a0000" filename = "" Region: id = 474 start_va = 0x42a0000 end_va = 0x45d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 475 start_va = 0x6aeb0000 end_va = 0x6c0d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll") Region: id = 476 start_va = 0x45e0000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045e0000" filename = "" Region: id = 477 start_va = 0x1f40000 end_va = 0x1f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 478 start_va = 0x1f50000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f50000" filename = "" Region: id = 479 start_va = 0x45e0000 end_va = 0x4615fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000045e0000" filename = "" Region: id = 480 start_va = 0x4660000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004660000" filename = "" Region: id = 481 start_va = 0x4620000 end_va = 0x4645fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 482 start_va = 0x6d2b0000 end_va = 0x6d32dfff monitored = 1 entry_point = 0x6d2b1140 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 483 start_va = 0x1f60000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 484 start_va = 0x6a500000 end_va = 0x6aeabfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll") Region: id = 485 start_va = 0x6a370000 end_va = 0x6a4fcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll") Region: id = 486 start_va = 0x69710000 end_va = 0x6a368fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll") Region: id = 487 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 488 start_va = 0x4670000 end_va = 0x470bfff monitored = 1 entry_point = 0x46fe9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 489 start_va = 0x1f80000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 490 start_va = 0x6d2a0000 end_va = 0x6d2a7fff monitored = 0 entry_point = 0x6d2a17b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 491 start_va = 0x4710000 end_va = 0x47abfff monitored = 1 entry_point = 0x479e9b2 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 492 start_va = 0x1f90000 end_va = 0x1f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 493 start_va = 0x4710000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 494 start_va = 0x1f90000 end_va = 0x1f90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f90000" filename = "" Region: id = 495 start_va = 0x4650000 end_va = 0x4650fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 496 start_va = 0x4650000 end_va = 0x4658fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 497 start_va = 0x4650000 end_va = 0x4650fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 498 start_va = 0x4650000 end_va = 0x4658fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 499 start_va = 0x4650000 end_va = 0x4650fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 500 start_va = 0x4650000 end_va = 0x4658fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 501 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 502 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 503 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 504 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 505 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 506 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 507 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 508 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 509 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 510 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 511 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 512 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 513 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 514 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 515 start_va = 0x68ff0000 end_va = 0x69701fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll") Region: id = 516 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 517 start_va = 0x4820000 end_va = 0x482ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 518 start_va = 0x4830000 end_va = 0x483ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004830000" filename = "" Region: id = 519 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 520 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 521 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 522 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 523 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 524 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 525 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 526 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 527 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 528 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 529 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 530 start_va = 0x4650000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 531 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 532 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 533 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 534 start_va = 0x4810000 end_va = 0x4820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004810000" filename = "" Region: id = 535 start_va = 0x6d0c0000 end_va = 0x6d1aefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll") Region: id = 536 start_va = 0x688d0000 end_va = 0x68fe5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll") Region: id = 537 start_va = 0x6d1f0000 end_va = 0x6d294fff monitored = 0 entry_point = 0x6d20ac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 538 start_va = 0x6d1c0000 end_va = 0x6d1e2fff monitored = 0 entry_point = 0x6d1c5570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 539 start_va = 0x6d0b0000 end_va = 0x6d0bffff monitored = 0 entry_point = 0x6d0b3820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 540 start_va = 0x761f0000 end_va = 0x7624efff monitored = 0 entry_point = 0x761f4af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 541 start_va = 0x72100000 end_va = 0x7214efff monitored = 0 entry_point = 0x7210d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 542 start_va = 0x4650000 end_va = 0x4651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004650000" filename = "" Region: id = 543 start_va = 0x4830000 end_va = 0x4830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004830000" filename = "" Region: id = 544 start_va = 0x4840000 end_va = 0x491ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 545 start_va = 0x4920000 end_va = 0x495ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004920000" filename = "" Region: id = 546 start_va = 0x4960000 end_va = 0x4a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004960000" filename = "" Region: id = 547 start_va = 0x4a60000 end_va = 0x4a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a60000" filename = "" Region: id = 548 start_va = 0x4aa0000 end_va = 0x4b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004aa0000" filename = "" Region: id = 549 start_va = 0x70760000 end_va = 0x707fafff monitored = 0 entry_point = 0x7079f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 550 start_va = 0x70800000 end_va = 0x70811fff monitored = 0 entry_point = 0x70804510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 551 start_va = 0x72040000 end_va = 0x7206efff monitored = 0 entry_point = 0x7204bb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 552 start_va = 0x75250000 end_va = 0x75256fff monitored = 0 entry_point = 0x75251e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 553 start_va = 0x71f80000 end_va = 0x71f92fff monitored = 0 entry_point = 0x71f825d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 554 start_va = 0x71f60000 end_va = 0x71f73fff monitored = 0 entry_point = 0x71f63c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 555 start_va = 0x4ba0000 end_va = 0x4bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ba0000" filename = "" Region: id = 556 start_va = 0x4be0000 end_va = 0x4cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004be0000" filename = "" Region: id = 557 start_va = 0x72070000 end_va = 0x720f3fff monitored = 0 entry_point = 0x72096530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 558 start_va = 0x70750000 end_va = 0x70757fff monitored = 0 entry_point = 0x70751fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 559 start_va = 0x72030000 end_va = 0x72037fff monitored = 0 entry_point = 0x72031920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 560 start_va = 0x71fe0000 end_va = 0x72026fff monitored = 0 entry_point = 0x71ff58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 561 start_va = 0x742c0000 end_va = 0x742dafff monitored = 0 entry_point = 0x742c9050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 562 start_va = 0x4ce0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 563 start_va = 0x4ce0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 564 start_va = 0x4ce0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 565 start_va = 0x4ce0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 566 start_va = 0x4ce0000 end_va = 0x4ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ce0000" filename = "" Region: id = 567 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 568 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 569 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 570 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 571 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 572 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 573 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 574 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 575 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 576 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 577 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 578 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 579 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 580 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 581 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 582 start_va = 0x704d0000 end_va = 0x704e2fff monitored = 0 entry_point = 0x704d9950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 583 start_va = 0x704a0000 end_va = 0x704cefff monitored = 0 entry_point = 0x704b95e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 584 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 585 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 586 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 587 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 588 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 589 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 590 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 591 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 592 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 593 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 594 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 595 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 596 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 597 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 598 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 599 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 600 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 601 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 602 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 603 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 604 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 605 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 606 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 607 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 608 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 609 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 610 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 611 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 612 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 613 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 614 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 615 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 616 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 617 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 618 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 619 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 620 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 621 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 622 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 623 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 624 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 625 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 626 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 627 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 628 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 629 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 630 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 631 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 632 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 633 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 634 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 635 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 636 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 637 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 638 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 639 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 640 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 641 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 642 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 643 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 644 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 645 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 646 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 647 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 648 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 649 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 650 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 651 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 652 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 653 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 654 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 655 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 656 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 657 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 658 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 659 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 660 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 661 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 662 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 663 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 664 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 665 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 666 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 667 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 668 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 669 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 670 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 671 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 672 start_va = 0x4cf0000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cf0000" filename = "" Region: id = 673 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 674 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 675 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 676 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 677 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 678 start_va = 0x4d00000 end_va = 0x4d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 679 start_va = 0x6c910000 end_va = 0x6c919fff monitored = 0 entry_point = 0x6c913200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 680 start_va = 0x70580000 end_va = 0x705e3fff monitored = 0 entry_point = 0x7059afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 681 start_va = 0x749d0000 end_va = 0x74b47fff monitored = 0 entry_point = 0x74a28a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 682 start_va = 0x74640000 end_va = 0x7464dfff monitored = 0 entry_point = 0x74645410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 683 start_va = 0x70570000 end_va = 0x7057ffff monitored = 0 entry_point = 0x70574600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 684 start_va = 0x70550000 end_va = 0x7056ffff monitored = 0 entry_point = 0x7055d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 685 start_va = 0x70520000 end_va = 0x7054bfff monitored = 0 entry_point = 0x7053bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 686 start_va = 0x70500000 end_va = 0x70519fff monitored = 0 entry_point = 0x7050fa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 687 start_va = 0x4d00000 end_va = 0x4d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 688 start_va = 0x4d40000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 689 start_va = 0x4e40000 end_va = 0x4e43fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e40000" filename = "" Region: id = 690 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 691 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 692 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 693 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 694 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 695 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 696 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 697 start_va = 0x4e60000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 698 start_va = 0x68810000 end_va = 0x688c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\4e4cb6e2e651b6d243241e4edd14b3f3\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\4e4cb6e2e651b6d243241e4edd14b3f3\\system.security.ni.dll") Region: id = 699 start_va = 0x704f0000 end_va = 0x704f7fff monitored = 0 entry_point = 0x704f1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 700 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 701 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 702 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 703 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 704 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 705 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 706 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 707 start_va = 0x4e60000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 708 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 709 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 710 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 711 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 712 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 713 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 714 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 715 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 716 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 717 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 718 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 719 start_va = 0x4e60000 end_va = 0x4e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 720 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 721 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 722 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 723 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 724 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 725 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 726 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 727 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 728 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 729 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 730 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 731 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 732 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 733 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 734 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 735 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 736 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 737 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 738 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 739 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 740 start_va = 0x4e70000 end_va = 0x4e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 741 start_va = 0x4e80000 end_va = 0x4e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e80000" filename = "" Region: id = 742 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 743 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 744 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 745 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 746 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 747 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 748 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 749 start_va = 0x4e70000 end_va = 0x4e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 750 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 751 start_va = 0x4e70000 end_va = 0x4e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e70000" filename = "" Region: id = 752 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 753 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 754 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 755 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 756 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 757 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 758 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 759 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 760 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 761 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 762 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 763 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 764 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 765 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 766 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 767 start_va = 0x642c0000 end_va = 0x64481fff monitored = 1 entry_point = 0x644791de region_type = mapped_file name = "system.web.extensions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Web.Extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\System.Web.Extensions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.web.extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\system.web.extensions.dll") Region: id = 768 start_va = 0x4e50000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 769 start_va = 0x4e70000 end_va = 0x5031fff monitored = 1 entry_point = 0x50291de region_type = mapped_file name = "system.web.extensions.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Web.Extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\System.Web.Extensions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.web.extensions\\v4.0_4.0.0.0__31bf3856ad364e35\\system.web.extensions.dll") Region: id = 770 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 771 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 772 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 773 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 774 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 775 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 776 start_va = 0x5050000 end_va = 0x505ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 777 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 778 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 779 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 780 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 781 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 782 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 783 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 784 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 785 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 786 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 787 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 788 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 789 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 790 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 791 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 792 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 793 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 794 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 795 start_va = 0x5070000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005070000" filename = "" Region: id = 796 start_va = 0x5080000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 797 start_va = 0x5090000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 798 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 799 start_va = 0x5060000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 800 start_va = 0x5060000 end_va = 0x509ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 801 start_va = 0x50a0000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050a0000" filename = "" Region: id = 802 start_va = 0x706d0000 end_va = 0x70744fff monitored = 0 entry_point = 0x70709a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 803 start_va = 0x51a0000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 804 start_va = 0x701d0000 end_va = 0x701ecfff monitored = 0 entry_point = 0x701d3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 805 start_va = 0x5040000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 806 start_va = 0x51a0000 end_va = 0x522efff monitored = 0 entry_point = 0x51add60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 807 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 808 start_va = 0x68770000 end_va = 0x68801fff monitored = 0 entry_point = 0x6877dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 809 start_va = 0x5260000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 810 start_va = 0x51a0000 end_va = 0x51a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051a0000" filename = "" Region: id = 811 start_va = 0x5260000 end_va = 0x531bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005260000" filename = "" Region: id = 812 start_va = 0x53e0000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053e0000" filename = "" Region: id = 813 start_va = 0x51a0000 end_va = 0x51a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051a0000" filename = "" Region: id = 814 start_va = 0x51b0000 end_va = 0x51b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 815 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 816 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 817 start_va = 0x53f0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 818 start_va = 0x54f0000 end_va = 0x58eafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000054f0000" filename = "" Thread: id = 7 os_tid = 0xe9c [0125.868] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0125.868] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x75e80000 [0125.868] GetProcAddress (hModule=0x75e80000, lpProcName="InitializeCriticalSectionEx") returned 0x75f3d740 [0125.869] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x75e80000 [0125.869] GetProcAddress (hModule=0x75e80000, lpProcName="FlsAlloc") returned 0x75f44490 [0125.869] GetProcAddress (hModule=0x75e80000, lpProcName="FlsSetValue") returned 0x75f3d7a0 [0125.930] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x75e80000 [0125.930] GetProcAddress (hModule=0x75e80000, lpProcName="InitializeCriticalSectionEx") returned 0x75f3d740 [0125.930] GetProcessHeap () returned 0x670000 [0125.930] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x75e80000 [0125.931] GetProcAddress (hModule=0x75e80000, lpProcName="FlsAlloc") returned 0x75f44490 [0125.931] GetLastError () returned 0x0 [0125.931] GetProcAddress (hModule=0x75e80000, lpProcName="FlsGetValue") returned 0x75f2f350 [0125.931] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x364) returned 0x680cd0 [0125.931] GetProcAddress (hModule=0x75e80000, lpProcName="FlsSetValue") returned 0x75f3d7a0 [0125.931] SetLastError (dwErrCode=0x0) [0125.931] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0xc00) returned 0x681040 [0125.933] GetStartupInfoW (in: lpStartupInfo=0x19fe98 | out: lpStartupInfo=0x19fe98*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4022f0, hStdOutput=0xdc0d207f, hStdError=0xfffffffe)) [0125.934] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0125.934] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0125.934] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.934] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " [0125.934] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe\" " [0125.934] GetLastError () returned 0x0 [0125.934] SetLastError (dwErrCode=0x0) [0125.934] GetLastError () returned 0x0 [0125.934] SetLastError (dwErrCode=0x0) [0125.934] GetACP () returned 0x4e4 [0125.934] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x0, Size=0x220) returned 0x681c48 [0125.934] IsValidCodePage (CodePage=0x4e4) returned 1 [0125.934] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fec8 | out: lpCPInfo=0x19fec8) returned 1 [0125.934] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19f790 | out: lpCPInfo=0x19f790) returned 1 [0125.934] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0125.934] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0125.934] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19f7a4 | out: lpCharType=0x19f7a4) returned 1 [0125.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0125.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0125.944] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x75e80000 [0125.945] GetProcAddress (hModule=0x75e80000, lpProcName="LCMapStringEx") returned 0x75f295f0 [0125.945] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0125.945] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0125.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fca4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ÷ÎUÜàþ\x19", lpUsedDefaultChar=0x0) returned 256 [0125.945] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0125.945] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x19fda4, cbMultiByte=256, lpWideCharStr=0x19f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0125.945] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0125.945] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0125.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fba4, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ÷ÎUÜàþ\x19", lpUsedDefaultChar=0x0) returned 256 [0125.952] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x0, Size=0x80) returned 0x6773a8 [0125.952] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x412bf8, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x32 [0125.952] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x6e) returned 0x673f38 [0125.952] RtlInitializeSListHead (in: ListHead=0x4127f0 | out: ListHead=0x4127f0) [0125.952] GetLastError () returned 0x0 [0125.952] SetLastError (dwErrCode=0x0) [0125.952] GetEnvironmentStringsW () returned 0x681e70* [0125.952] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x0, Size=0xa1a) returned 0x682898 [0125.953] FreeEnvironmentStringsW (penv=0x681e70) returned 1 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x90) returned 0x673e70 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x3e) returned 0x67bc10 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x5c) returned 0x674308 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x6e) returned 0x673500 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x78) returned 0x674390 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x62) returned 0x6738f0 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x28) returned 0x6736a0 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x48) returned 0x672730 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x1a) returned 0x672780 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x3a) returned 0x67bb80 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x62) returned 0x677790 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x2a) returned 0x679248 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x2e) returned 0x6791d8 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x1c) returned 0x670580 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0xd2) returned 0x6799a0 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x7c) returned 0x673ca8 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x36) returned 0x67e690 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x3a) returned 0x67bd78 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x90) returned 0x677e18 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x24) returned 0x6736d0 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x30) returned 0x679210 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x36) returned 0x67e090 [0125.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x48) returned 0x673718 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x52) returned 0x673978 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x3c) returned 0x67ba18 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0xd6) returned 0x6796d0 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x2e) returned 0x679398 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x1e) returned 0x6739d8 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x2c) returned 0x679440 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x54) returned 0x679ad0 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x52) returned 0x67a100 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x24) returned 0x679b30 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x42) returned 0x673768 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x2c) returned 0x679478 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x44) returned 0x67a160 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x24) returned 0x679fe0 [0125.954] HeapFree (in: hHeap=0x670000, dwFlags=0x0, lpMem=0x682898 | out: hHeap=0x670000) returned 1 [0125.954] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x8, Size=0x800) returned 0x681e70 [0125.954] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0125.954] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x401e29) returned 0x0 [0125.954] GetStartupInfoW (in: lpStartupInfo=0x19ff00 | out: lpStartupInfo=0x19ff00*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0125.955] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0125.955] FindResourceW (hModule=0x400000, lpName=0x1, lpType=0xa) returned 0x415048 [0125.976] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0125.976] LoadResource (hModule=0x400000, hResInfo=0x415048) returned 0x415058 [0125.976] LockResource (hResData=0x415058) returned 0x415058 [0125.976] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0125.976] SizeofResource (hModule=0x400000, hResInfo=0x415048) returned 0x35a62 [0129.907] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0129.919] RoInitialize () returned 0x1 [0129.919] RoUninitialize () returned 0x0 [0130.113] SafeArrayAccessData (in: psa=0x6a7760, ppvData=0x19fed8 | out: ppvData=0x19fed8) returned 0x0 [0130.114] SafeArrayUnaccessData (psa=0x6a7760) returned 0x0 [0130.128] SafeArrayGetDim (psa=0x6a7760) returned 0x1 [0130.128] SafeArrayGetDim (psa=0x6a7760) returned 0x1 [0130.128] SafeArrayGetLBound (in: psa=0x6a7760, nDim=0x1, plLbound=0x19fc54 | out: plLbound=0x19fc54) returned 0x0 [0130.128] SafeArrayGetVartype (in: psa=0x6a7760, pvt=0x19fbc4 | out: pvt=0x19fbc4) returned 0x0 [0130.344] SafeArrayAllocDescriptorEx (in: vt=0x19000d, cDims=0x1, ppsaOut=0x19fcbc | out: ppsaOut=0x19fcbc) returned 0x0 [0130.344] SafeArrayAllocData (psa=0x6a73d0) returned 0x0 [0130.344] CoInitialize (pvReserved=0x0) returned 0x80010106 [0130.344] VirtualAlloc (lpAddress=0x0, dwSize=0x26000, flAllocationType=0x3000, flProtect=0x40) returned 0x4620000 [0130.352] SafeArrayGetDim (psa=0x6a76d0) returned 0x1 [0130.352] SafeArrayGetDim (psa=0x6a76d0) returned 0x1 [0130.352] SafeArrayGetLBound (in: psa=0x6a76d0, nDim=0x1, plLbound=0x19fc24 | out: plLbound=0x19fc24) returned 0x0 [0131.770] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ea2c | out: lpLuid=0x19ea2c*(LowPart=0x14, HighPart=0)) returned 1 [0131.775] GetCurrentProcess () returned 0xffffffff [0131.776] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ea28 | out: TokenHandle=0x19ea28*=0x2a0) returned 1 [0131.777] AdjustTokenPrivileges (in: TokenHandle=0x2a0, DisableAllPrivileges=0, NewState=0x2161fe0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0131.779] CloseHandle (hObject=0x2a0) returned 1 [0131.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x319ef30, Length=0x20000, ResultLength=0x19f10c | out: SystemInformation=0x319ef30, ResultLength=0x19f10c*=0x18ae0) returned 0x0 [0131.951] GetComputerNameW (in: lpBuffer=0x19eee4, nSize=0x19f15c | out: lpBuffer="XC64ZB", nSize=0x19f15c) returned 1 [0131.980] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19ef18 | out: lpTimeZoneInformation=0x19ef18) returned 0x2 [0131.983] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19ed6c | out: pTimeZoneInformation=0x19ed6c) returned 0x2 [0132.013] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee50 | out: phkResult=0x19ee50*=0x2ac) returned 0x0 [0132.014] RegQueryValueExW (in: hKey=0x2ac, lpValueName="TZI", lpReserved=0x0, lpType=0x19ee6c, lpData=0x0, lpcbData=0x19ee68*=0x0 | out: lpType=0x19ee6c*=0x3, lpData=0x0, lpcbData=0x19ee68*=0x2c) returned 0x0 [0132.014] RegQueryValueExW (in: hKey=0x2ac, lpValueName="TZI", lpReserved=0x0, lpType=0x19ee6c, lpData=0x2191ac0, lpcbData=0x19ee68*=0x2c | out: lpType=0x19ee6c*=0x3, lpData=0x2191ac0*, lpcbData=0x19ee68*=0x2c) returned 0x0 [0132.015] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eca4 | out: phkResult=0x19eca4*=0x0) returned 0x2 [0132.016] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19ee44, lpData=0x0, lpcbData=0x19ee40*=0x0 | out: lpType=0x19ee44*=0x1, lpData=0x0, lpcbData=0x19ee40*=0x20) returned 0x0 [0132.017] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19ee44, lpData=0x2191fcc, lpcbData=0x19ee40*=0x20 | out: lpType=0x19ee44*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19ee40*=0x20) returned 0x0 [0132.017] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19ee44, lpData=0x0, lpcbData=0x19ee40*=0x0 | out: lpType=0x19ee44*=0x1, lpData=0x0, lpcbData=0x19ee40*=0x20) returned 0x0 [0132.017] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19ee44, lpData=0x2192024, lpcbData=0x19ee40*=0x20 | out: lpType=0x19ee44*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19ee40*=0x20) returned 0x0 [0132.018] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19ee44, lpData=0x0, lpcbData=0x19ee40*=0x0 | out: lpType=0x19ee44*=0x1, lpData=0x0, lpcbData=0x19ee40*=0x20) returned 0x0 [0132.018] RegQueryValueExW (in: hKey=0x2ac, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19ee44, lpData=0x219207c, lpcbData=0x19ee40*=0x20 | out: lpType=0x19ee44*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19ee40*=0x20) returned 0x0 [0132.028] CoTaskMemAlloc (cb=0x20c) returned 0x714c60 [0132.028] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x714c60 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.030] CoTaskMemFree (pv=0x714c60) [0132.033] CoTaskMemAlloc (cb=0x20c) returned 0x714c60 [0132.033] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ee60, pwszFileMUIPath=0x714c60, pcchFileMUIPath=0x19ee64, pululEnumerator=0x19ee58 | out: pwszLanguage=0x0, pcchLanguage=0x19ee60, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ee64, pululEnumerator=0x19ee58) returned 1 [0132.070] CoTaskMemFree (pv=0x0) [0132.071] CoTaskMemFree (pv=0x714c60) [0132.071] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4650001 [0132.206] CoTaskMemAlloc (cb=0x3ec) returned 0x71b7f8 [0132.206] LoadStringW (in: hInstance=0x4650001, uID=0x140, lpBuffer=0x71b7f8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0132.207] CoTaskMemFree (pv=0x71b7f8) [0132.207] FreeLibrary (hLibModule=0x4650001) returned 1 [0132.208] CoTaskMemAlloc (cb=0x20c) returned 0x714c60 [0132.208] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x714c60 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.208] CoTaskMemFree (pv=0x714c60) [0132.208] CoTaskMemAlloc (cb=0x20c) returned 0x714c60 [0132.208] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ee60, pwszFileMUIPath=0x714c60, pcchFileMUIPath=0x19ee64, pululEnumerator=0x19ee58 | out: pwszLanguage=0x0, pcchLanguage=0x19ee60, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ee64, pululEnumerator=0x19ee58) returned 1 [0132.242] CoTaskMemFree (pv=0x0) [0132.242] CoTaskMemFree (pv=0x714c60) [0132.242] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4650001 [0132.247] CoTaskMemAlloc (cb=0x3ec) returned 0x71b7f8 [0132.247] LoadStringW (in: hInstance=0x4650001, uID=0x142, lpBuffer=0x71b7f8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0132.248] CoTaskMemFree (pv=0x71b7f8) [0132.248] FreeLibrary (hLibModule=0x4650001) returned 1 [0132.248] CoTaskMemAlloc (cb=0x20c) returned 0x714c60 [0132.248] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x714c60 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.248] CoTaskMemFree (pv=0x714c60) [0132.248] CoTaskMemAlloc (cb=0x20c) returned 0x714c60 [0132.248] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19ee60, pwszFileMUIPath=0x714c60, pcchFileMUIPath=0x19ee64, pululEnumerator=0x19ee58 | out: pwszLanguage=0x0, pcchLanguage=0x19ee60, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19ee64, pululEnumerator=0x19ee58) returned 1 [0132.254] CoTaskMemFree (pv=0x0) [0132.254] CoTaskMemFree (pv=0x714c60) [0132.254] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x4650001 [0132.259] CoTaskMemAlloc (cb=0x3ec) returned 0x71b7f8 [0132.259] LoadStringW (in: hInstance=0x4650001, uID=0x141, lpBuffer=0x71b7f8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0132.259] CoTaskMemFree (pv=0x71b7f8) [0132.259] FreeLibrary (hLibModule=0x4650001) returned 1 [0132.259] RegCloseKey (hKey=0x2ac) returned 0x0 [0132.897] GetACP () returned 0x4e4 [0132.934] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e1a4 | out: phkResult=0x19e1a4*=0x2bc) returned 0x0 [0132.934] RegQueryValueExW (in: hKey=0x2bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e1c4, lpData=0x0, lpcbData=0x19e1c0*=0x0 | out: lpType=0x19e1c4*=0x1, lpData=0x0, lpcbData=0x19e1c0*=0xe) returned 0x0 [0132.934] RegQueryValueExW (in: hKey=0x2bc, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e1c4, lpData=0x219b910, lpcbData=0x19e1c0*=0xe | out: lpType=0x19e1c4*=0x1, lpData="Client", lpcbData=0x19e1c0*=0xe) returned 0x0 [0132.935] RegCloseKey (hKey=0x2bc) returned 0x0 [0133.093] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", nBufferLength=0x105, lpBuffer=0x19db60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", lpFilePart=0x0) returned 0x39 [0133.093] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", nBufferLength=0x105, lpBuffer=0x19db08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", lpFilePart=0x0) returned 0x39 [0133.094] CoTaskMemAlloc (cb=0x20c) returned 0x71c800 [0133.095] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x71c800, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x32 [0133.095] CoTaskMemFree (pv=0x71c800) [0133.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", nBufferLength=0x105, lpBuffer=0x19dbac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", lpFilePart=0x0) returned 0x32 [0133.262] GetCurrentProcess () returned 0xffffffff [0133.262] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dec0 | out: TokenHandle=0x19dec0*=0x2bc) returned 1 [0133.266] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19d99c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0133.268] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec0 | out: lpFileInformation=0x19dec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0133.270] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19d968, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0133.270] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec0 | out: lpFileInformation=0x19dec0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0133.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19d8f8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0133.272] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ddec) returned 1 [0133.272] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b4 [0133.273] GetFileType (hFile=0x2b4) returned 0x1 [0133.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19dde8) returned 1 [0133.273] GetFileType (hFile=0x2b4) returned 0x1 [0133.311] GetFileSize (in: hFile=0x2b4, lpFileSizeHigh=0x19deb4 | out: lpFileSizeHigh=0x19deb4*=0x0) returned 0x8c8f [0133.312] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19de70, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19de70*=0x1000, lpOverlapped=0x0) returned 1 [0133.328] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dd0c, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19dd0c*=0x1000, lpOverlapped=0x0) returned 1 [0133.333] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dbc0, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19dbc0*=0x1000, lpOverlapped=0x0) returned 1 [0133.333] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dbc0, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19dbc0*=0x1000, lpOverlapped=0x0) returned 1 [0133.334] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dbc0, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19dbc0*=0x1000, lpOverlapped=0x0) returned 1 [0133.334] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19daf8, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19daf8*=0x1000, lpOverlapped=0x0) returned 1 [0133.341] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dc74, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19dc74*=0x1000, lpOverlapped=0x0) returned 1 [0133.343] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19db88, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19db88*=0x1000, lpOverlapped=0x0) returned 1 [0133.343] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19db88, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19db88*=0xc8f, lpOverlapped=0x0) returned 1 [0133.344] ReadFile (in: hFile=0x2b4, lpBuffer=0x219f420, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dc48, lpOverlapped=0x0 | out: lpBuffer=0x219f420*, lpNumberOfBytesRead=0x19dc48*=0x0, lpOverlapped=0x0) returned 1 [0133.344] CloseHandle (hObject=0x2b4) returned 1 [0133.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", nBufferLength=0x105, lpBuffer=0x19db64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", lpFilePart=0x0) returned 0x39 [0133.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", nBufferLength=0x105, lpBuffer=0x19db0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", lpFilePart=0x0) returned 0x39 [0133.346] CoTaskMemAlloc (cb=0x20c) returned 0x714600 [0133.346] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x714600, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe")) returned 0x32 [0133.346] CoTaskMemFree (pv=0x714600) [0133.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", nBufferLength=0x105, lpBuffer=0x19dbb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe", lpFilePart=0x0) returned 0x32 [0133.346] GetCurrentProcess () returned 0xffffffff [0133.347] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dfe8 | out: TokenHandle=0x19dfe8*=0x2b4) returned 1 [0133.347] GetCurrentProcess () returned 0xffffffff [0133.347] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dfe8 | out: TokenHandle=0x19dfe8*=0x2c0) returned 1 [0133.347] GetCurrentProcess () returned 0xffffffff [0133.348] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dec0 | out: TokenHandle=0x19dec0*=0x2c4) returned 1 [0133.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec0 | out: lpFileInformation=0x19dec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.348] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", nBufferLength=0x105, lpBuffer=0x19d968, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config", lpFilePart=0x0) returned 0x39 [0133.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\RFQ Document.bin.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\rfq document.bin.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19dec0 | out: lpFileInformation=0x19dec0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0133.348] GetCurrentProcess () returned 0xffffffff [0133.349] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dfe8 | out: TokenHandle=0x19dfe8*=0x2c8) returned 1 [0133.351] GetCurrentProcess () returned 0xffffffff [0133.351] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19dfe8 | out: TokenHandle=0x19dfe8*=0x2cc) returned 1 [0133.375] GetCurrentProcess () returned 0xffffffff [0133.375] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ddac | out: TokenHandle=0x19ddac*=0x2d0) returned 1 [0133.405] GetCurrentProcess () returned 0xffffffff [0133.405] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ddc0 | out: TokenHandle=0x19ddc0*=0x2d4) returned 1 [0134.262] CoTaskMemAlloc (cb=0xcc0) returned 0x724c18 [0134.262] RasEnumConnectionsW (in: param_1=0x724c18, param_2=0x19f06c, param_3=0x19f070 | out: param_1=0x724c18, param_2=0x19f06c, param_3=0x19f070) returned 0x0 [0134.554] CoTaskMemFree (pv=0x724c18) [0135.647] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19ee54 | out: lpWSAData=0x19ee54) returned 0 [0135.657] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x330 [0136.285] setsockopt (s=0x330, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0136.286] closesocket (s=0x330) returned 0 [0136.286] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x330 [0136.288] setsockopt (s=0x330, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0136.288] closesocket (s=0x330) returned 0 [0136.293] GetCurrentProcess () returned 0xffffffff [0136.293] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec08 | out: TokenHandle=0x19ec08*=0x330) returned 1 [0136.299] GetCurrentProcess () returned 0xffffffff [0136.299] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec1c | out: TokenHandle=0x19ec1c*=0x334) returned 1 [0136.332] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x338 [0136.334] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c [0136.336] ioctlsocket (in: s=0x338, cmd=-2147195266, argp=0x19f074 | out: argp=0x19f074) returned 0 [0136.336] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x340 [0136.336] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344 [0136.336] ioctlsocket (in: s=0x340, cmd=-2147195266, argp=0x19f074 | out: argp=0x19f074) returned 0 [0136.337] WSAIoctl (in: s=0x338, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f05c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f05c, lpOverlapped=0x0) returned -1 [0136.340] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ed8c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0136.377] WSAEventSelect (s=0x338, hEventObject=0x33c, lNetworkEvents=512) returned 0 [0136.377] WSAIoctl (in: s=0x340, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f05c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f05c, lpOverlapped=0x0) returned -1 [0136.377] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ed8c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0136.378] WSAEventSelect (s=0x340, hEventObject=0x344, lNetworkEvents=512) returned 0 [0136.378] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c [0136.378] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x34c, param_3=0x3) returned 0x0 [0136.386] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19f088 | out: phkResult=0x19f088*=0x364) returned 0x0 [0136.387] RegOpenKeyExW (in: hKey=0x364, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f038 | out: phkResult=0x19f038*=0x368) returned 0x0 [0136.387] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c [0136.388] RegNotifyChangeKeyValue (hKey=0x368, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x36c, fAsynchronous=1) returned 0x0 [0136.389] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f03c | out: phkResult=0x19f03c*=0x370) returned 0x0 [0136.389] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0136.389] RegNotifyChangeKeyValue (hKey=0x370, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x374, fAsynchronous=1) returned 0x0 [0136.389] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f03c | out: phkResult=0x19f03c*=0x378) returned 0x0 [0136.389] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0136.389] RegNotifyChangeKeyValue (hKey=0x378, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x37c, fAsynchronous=1) returned 0x0 [0136.390] GetCurrentProcess () returned 0xffffffff [0136.390] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f030 | out: TokenHandle=0x19f030*=0x380) returned 1 [0136.426] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e940 | out: phkResult=0x19e940*=0x398) returned 0x0 [0136.426] RegQueryValueExW (in: hKey=0x398, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x19e95c, lpData=0x0, lpcbData=0x19e958*=0x0 | out: lpType=0x19e95c*=0x0, lpData=0x0, lpcbData=0x19e958*=0x0) returned 0x2 [0136.426] RegCloseKey (hKey=0x398) returned 0x0 [0137.050] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x72bac8 [0137.769] WinHttpSetTimeouts (hInternet=0x72bac8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0137.770] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19f03c | out: pProxyConfig=0x19f03c) returned 1 [0138.165] SystemFunction041 (in: Memory=0x71ea94, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x71ea94) returned 0x0 [0138.171] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3d8 [0138.171] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3e4 [0138.175] GetCurrentProcess () returned 0xffffffff [0138.175] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec28 | out: TokenHandle=0x19ec28*=0x3e8) returned 1 [0138.178] GetCurrentProcess () returned 0xffffffff [0138.178] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec3c | out: TokenHandle=0x19ec3c*=0x3ec) returned 1 [0138.182] QueryPerformanceFrequency (in: lpFrequency=0x915c10 | out: lpFrequency=0x915c10*=100000000) returned 1 [0138.182] QueryPerformanceCounter (in: lpPerformanceCount=0x19f044 | out: lpPerformanceCount=0x19f044*=1553817131262) returned 1 [0138.184] GetCurrentProcess () returned 0xffffffff [0138.184] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec0c | out: TokenHandle=0x19ec0c*=0x3f0) returned 1 [0138.187] GetCurrentProcess () returned 0xffffffff [0138.187] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ec20 | out: TokenHandle=0x19ec20*=0x3f4) returned 1 [0138.191] GetCurrentProcess () returned 0xffffffff [0138.191] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef2c | out: TokenHandle=0x19ef2c*=0x3f8) returned 1 [0138.192] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19ef58 | out: phkResult=0x19ef58*=0x3fc) returned 0x0 [0138.192] RegOpenKeyExW (in: hKey=0x3fc, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef08 | out: phkResult=0x19ef08*=0x404) returned 0x0 [0138.192] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x408 [0138.192] RegNotifyChangeKeyValue (hKey=0x404, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x408, fAsynchronous=1) returned 0x0 [0138.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef0c | out: phkResult=0x19ef0c*=0x40c) returned 0x0 [0138.193] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x410 [0138.193] RegNotifyChangeKeyValue (hKey=0x40c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x410, fAsynchronous=1) returned 0x0 [0138.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef0c | out: phkResult=0x19ef0c*=0x414) returned 0x0 [0138.193] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418 [0138.193] RegNotifyChangeKeyValue (hKey=0x414, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x418, fAsynchronous=1) returned 0x0 [0138.194] GetCurrentProcess () returned 0xffffffff [0138.194] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef00 | out: TokenHandle=0x19ef00*=0x41c) returned 1 [0138.194] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x7295b0 [0138.194] WinHttpSetTimeouts (hInternet=0x7295b0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0138.194] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19ef0c | out: pProxyConfig=0x19ef0c) returned 1 [0138.209] CoTaskMemAlloc (cb=0x20c) returned 0x73bf08 [0138.209] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x73bf08, nSize=0x104 | out: lpBuffer="") returned 0x0 [0138.209] CoTaskMemFree (pv=0x73bf08) [0138.209] CoTaskMemAlloc (cb=0x20c) returned 0x73bf08 [0138.209] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x73bf08, nSize=0x104 | out: lpBuffer="") returned 0x0 [0138.209] CoTaskMemFree (pv=0x73bf08) [0138.219] EtwEventRegister (in: ProviderId=0x21c49f0, EnableCallback=0x4664146, CallbackContext=0x0, RegHandle=0x21c49cc | out: RegHandle=0x21c49cc) returned 0x0 [0138.222] EtwEventSetInformation (RegHandle=0x67feb8, InformationClass=0x3e, EventInformation=0x2, InformationLength=0x21c498c) returned 0x0 [0138.226] GetCurrentProcess () returned 0xffffffff [0138.226] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ebd4 | out: TokenHandle=0x19ebd4*=0x428) returned 1 [0138.230] GetCurrentProcess () returned 0xffffffff [0138.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ebe8 | out: TokenHandle=0x19ebe8*=0x42c) returned 1 [0138.251] GetCurrentProcess () returned 0xffffffff [0138.251] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eb78 | out: TokenHandle=0x19eb78*=0x430) returned 1 [0138.252] GetCurrentProcess () returned 0xffffffff [0138.252] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eb8c | out: TokenHandle=0x19eb8c*=0x434) returned 1 [0138.254] SetEvent (hEvent=0x3d8) returned 1 [0138.315] EtwEventRegister (in: ProviderId=0x21c7430, EnableCallback=0x466416e, CallbackContext=0x0, RegHandle=0x21c740c | out: RegHandle=0x21c740c) returned 0x0 [0138.315] EtwEventSetInformation (RegHandle=0x67eb38, InformationClass=0x3f, EventInformation=0x2, InformationLength=0x21c73d0) returned 0x0 [0138.317] SetEvent (hEvent=0x3d8) returned 1 [0138.331] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19eec0 | out: pFixedInfo=0x0, pOutBufLen=0x19eec0) returned 0x6f [0138.913] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x73cd00 [0138.913] GetNetworkParams (in: pFixedInfo=0x73cd00, pOutBufLen=0x19eec0 | out: pFixedInfo=0x73cd00, pOutBufLen=0x19eec0) returned 0x0 [0138.939] LocalFree (hMem=0x73cd00) returned 0x0 [0138.941] CoTaskMemAlloc (cb=0x20c) returned 0x73cd00 [0138.941] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x73cd00, nSize=0x104 | out: lpBuffer="") returned 0x0 [0138.941] CoTaskMemFree (pv=0x73cd00) [0138.941] CoTaskMemAlloc (cb=0x20c) returned 0x73cd00 [0138.941] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x73cd00, nSize=0x104 | out: lpBuffer="") returned 0x0 [0138.941] CoTaskMemFree (pv=0x73cd00) [0138.948] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x490 [0138.951] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x464 [0138.952] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x19edb0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19ed58 | out: ppResult=0x19ed58*=0x72c3b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x73b7f8*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x72c040*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b8a0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x72bcd0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b870*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x72be88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b810*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x72c090*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b828*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x72bd48*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b858*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x72bf00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x731a38*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) returned 0 [0139.402] FreeAddrInfoW (pAddrInfo=0x72c3b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.com", ai_addr=0x73b7f8*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x72c040*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b8a0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x72bcd0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b870*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x72be88*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b810*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x72c090*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b828*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x72bd48*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b858*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x72bf00*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x731a38*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) [0139.403] GetAddrInfoW (in: pNodeName="checkip.dyndns.org", pServiceName=0x0, pHints=0x19edb0*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19ed58 | out: ppResult=0x19ed58*=0x72be60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x73b7f8*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x72bd20*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b8a0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x72bcd0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b810*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x72bfc8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b828*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x72bcf8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b870*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x72c158*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b840*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x72bc80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b858*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) returned 0 [0139.410] FreeAddrInfoW (pAddrInfo=0x72be60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="checkip.dyndns.org", ai_addr=0x73b7f8*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.70"), ai_next=0x72bd20*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b8a0*(sa_family=2, sin_port=0x0, sin_addr="216.146.43.71"), ai_next=0x72bcd0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b810*(sa_family=2, sin_port=0x0, sin_addr="132.226.8.169"), ai_next=0x72bfc8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b828*(sa_family=2, sin_port=0x0, sin_addr="158.101.44.242"), ai_next=0x72bcf8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b870*(sa_family=2, sin_port=0x0, sin_addr="132.226.247.73"), ai_next=0x72c158*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b840*(sa_family=2, sin_port=0x0, sin_addr="193.122.130.0"), ai_next=0x72bc80*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x73b858*(sa_family=2, sin_port=0x0, sin_addr="193.122.6.168"), ai_next=0x0)))))))) [0139.412] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0139.412] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c0 [0139.412] ioctlsocket (in: s=0x4bc, cmd=-2147195266, argp=0x19ed88 | out: argp=0x19ed88) returned 0 [0139.412] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c4 [0139.412] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c8 [0139.412] ioctlsocket (in: s=0x4c4, cmd=-2147195266, argp=0x19ed88 | out: argp=0x19ed88) returned 0 [0139.413] WSAIoctl (in: s=0x4bc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ed70, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ed70, lpOverlapped=0x0) returned -1 [0139.413] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eaa0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0139.413] WSAEventSelect (s=0x4bc, hEventObject=0x4c0, lNetworkEvents=512) returned 0 [0139.413] WSAIoctl (in: s=0x4c4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19ed70, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19ed70, lpOverlapped=0x0) returned -1 [0139.413] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eaa0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0139.413] WSAEventSelect (s=0x4c4, hEventObject=0x4c8, lNetworkEvents=512) returned 0 [0139.414] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19ed6c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19ed6c*=0xa78) returned 0x6f [0139.418] LocalAlloc (uFlags=0x0, uBytes=0xa78) returned 0x73d798 [0139.418] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x73d798, SizePointer=0x19ed6c*=0xa78 | out: AdapterAddresses=0x73d798*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x73da40, AdapterName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", FirstUnicastAddress=0x73d9b4, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x88, [1]=0xba, [2]=0x7f, [3]=0xce, [4]=0x54, [5]=0xd6, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008000000000, Dhcpv4Server.lpSockaddr=0x73d910*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x300053a, FirstDnsSuffix=0x0), SizePointer=0x19ed6c*=0xa78) returned 0x0 [0139.429] LocalFree (hMem=0x73d798) returned 0x0 [0139.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ed7c | out: phkResult=0x19ed7c*=0x4cc) returned 0x0 [0139.434] RegQueryValueExW (in: hKey=0x4cc, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19ed98, lpData=0x0, lpcbData=0x19ed94*=0x0 | out: lpType=0x19ed98*=0x0, lpData=0x0, lpcbData=0x19ed94*=0x0) returned 0x2 [0139.435] RegCloseKey (hKey=0x4cc) returned 0x0 [0139.436] WSAConnect (in: s=0x490, name=0x21d0fbc*(sa_family=2, sin_port=0x50, sin_addr="216.146.43.70"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0148.614] closesocket (s=0x464) returned 0 [0148.625] send (s=0x490, buf=0x21d1be8*, len=151, flags=0) returned 151 [0148.629] setsockopt (s=0x490, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0148.630] recv (in: s=0x490, buf=0x21cbef4, len=4096, flags=0 | out: buf=0x21cbef4*) returned 263 [0148.673] setsockopt (s=0x490, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0148.676] SetEvent (hEvent=0x3d8) returned 1 [0148.678] shutdown (s=0x490, how=2) returned 0 [0148.678] closesocket (s=0x490) returned 0 [0148.706] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19eff4 | out: phkResult=0x19eff4*=0x490) returned 0x0 [0148.707] RegOpenKeyExW (in: hKey=0x490, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efa4 | out: phkResult=0x19efa4*=0x464) returned 0x0 [0148.707] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4cc [0148.707] RegNotifyChangeKeyValue (hKey=0x464, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4cc, fAsynchronous=1) returned 0x0 [0148.707] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efa8 | out: phkResult=0x19efa8*=0x4d0) returned 0x0 [0148.707] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d4 [0148.707] RegNotifyChangeKeyValue (hKey=0x4d0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4d4, fAsynchronous=1) returned 0x0 [0148.708] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19efa8 | out: phkResult=0x19efa8*=0x4d8) returned 0x0 [0148.708] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4dc [0148.708] RegNotifyChangeKeyValue (hKey=0x4d8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4dc, fAsynchronous=1) returned 0x0 [0148.708] GetCurrentProcess () returned 0xffffffff [0148.708] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef9c | out: TokenHandle=0x19ef9c*=0x4e0) returned 1 [0148.708] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x740a68 [0148.709] WinHttpSetTimeouts (hInternet=0x740a68, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0148.709] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19efa8 | out: pProxyConfig=0x19efa8) returned 1 [0148.720] QueryPerformanceCounter (in: lpPerformanceCount=0x19efb0 | out: lpPerformanceCount=0x19efb0*=1554870910191) returned 1 [0148.721] SetEvent (hEvent=0x3d8) returned 1 [0148.721] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4e8 [0148.722] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4ec [0148.725] WSAConnect (in: s=0x4e8, name=0x21d5b2c*(sa_family=2, sin_port=0x50, sin_addr="216.146.43.70"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0148.768] closesocket (s=0x4ec) returned 0 [0148.769] send (s=0x4e8, buf=0x21d1be8*, len=127, flags=0) returned 127 [0148.770] setsockopt (s=0x4e8, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0148.770] recv (in: s=0x4e8, buf=0x21cbef4, len=4096, flags=0 | out: buf=0x21cbef4*) returned 263 [0148.823] setsockopt (s=0x4e8, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0148.823] SetEvent (hEvent=0x3d8) returned 1 [0148.823] shutdown (s=0x4e8, how=2) returned 0 [0148.823] closesocket (s=0x4e8) returned 0 [0151.166] QueryPerformanceCounter (in: lpPerformanceCount=0x19e854 | out: lpPerformanceCount=0x19e854*=1555115482909) returned 1 [0151.166] SetEvent (hEvent=0x3d8) returned 1 [0151.167] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4ec [0151.168] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f8 [0151.168] GetAddrInfoW (in: pNodeName="freegeoip.app", pServiceName=0x0, pHints=0x19e5bc*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19e564 | out: ppResult=0x19e564*=0x72beb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.app", ai_addr=0x737128*(sa_family=2, sin_port=0x0, sin_addr="172.67.188.154"), ai_next=0x72c0e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x736fd8*(sa_family=2, sin_port=0x0, sin_addr="104.21.19.200"), ai_next=0x0))) returned 0 [0151.232] FreeAddrInfoW (pAddrInfo=0x72beb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="freegeoip.app", ai_addr=0x737128*(sa_family=2, sin_port=0x0, sin_addr="172.67.188.154"), ai_next=0x72c0e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x736fd8*(sa_family=2, sin_port=0x0, sin_addr="104.21.19.200"), ai_next=0x0))) [0151.232] WSAConnect (in: s=0x4ec, name=0x21deda8*(sa_family=2, sin_port=0x1bb, sin_addr="172.67.188.154"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0151.330] closesocket (s=0x4f8) returned 0 [0151.341] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cfe8 | out: phkResult=0x19cfe8*=0x0) returned 0x2 [0151.344] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e500 | out: phkResult=0x19e500*=0x4f8) returned 0x0 [0151.344] RegQueryValueExW (in: hKey=0x4f8, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19e51c, lpData=0x0, lpcbData=0x19e518*=0x0 | out: lpType=0x19e51c*=0x0, lpData=0x0, lpcbData=0x19e518*=0x0) returned 0x2 [0151.344] RegCloseKey (hKey=0x4f8) returned 0x0 [0151.462] EnumerateSecurityPackagesW (in: pcPackages=0x19e50c, ppPackageInfo=0x19e4a0 | out: pcPackages=0x19e50c, ppPackageInfo=0x19e4a0) returned 0x0 [0151.473] FreeContextBuffer (in: pvContextBuffer=0x746df0 | out: pvContextBuffer=0x746df0) returned 0x0 [0151.482] GetCurrentProcess () returned 0xffffffff [0151.482] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2ec | out: TokenHandle=0x19e2ec*=0x500) returned 1 [0151.484] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x21e0160, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x19e340, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x21e1668, ptsExpiry=0x19e2c4 | out: phCredential=0x21e1668, ptsExpiry=0x19e2c4) returned 0x0 [0152.834] InitializeSecurityContextW (in: phCredential=0x19e304, phContext=0x0, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e17f4, pfContextAttr=0x21e0134, ptsExpiry=0x19e2fc | out: phNewContext=0x21e185c, pOutput=0x21e17f4, pfContextAttr=0x21e0134, ptsExpiry=0x19e2fc) returned 0x90312 [0152.835] FreeContextBuffer (in: pvContextBuffer=0x717b50 | out: pvContextBuffer=0x717b50) returned 0x0 [0152.847] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x74650000 [0152.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x19e34c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0152.850] GetProcAddress (hModule=0x74650000, lpProcName="GetCurrentPackageId") returned 0x75f3ded0 [0152.850] GetCurrentPackageId () returned 0x3d54 [0152.852] send (s=0x4ec, buf=0x21e1870*, len=125, flags=0) returned 125 [0152.854] recv (in: s=0x4ec, buf=0x21e1870, len=5, flags=0 | out: buf=0x21e1870*) returned 5 [0152.872] recv (in: s=0x4ec, buf=0x21e1875, len=67, flags=0 | out: buf=0x21e1875*) returned 67 [0152.873] InitializeSecurityContextW (in: phCredential=0x19e268, phContext=0x19e2f4, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e1d9c, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e1db0, pfContextAttr=0x21e0134, ptsExpiry=0x19e260 | out: phNewContext=0x21e185c, pOutput=0x21e1db0, pfContextAttr=0x21e0134, ptsExpiry=0x19e260) returned 0x90312 [0152.874] recv (in: s=0x4ec, buf=0x21e1e40, len=5, flags=0 | out: buf=0x21e1e40*) returned 5 [0152.875] recv (in: s=0x4ec, buf=0x21e1e59, len=2353, flags=0 | out: buf=0x21e1e59*) returned 2353 [0152.875] InitializeSecurityContextW (in: phCredential=0x19e1d0, phContext=0x19e25c, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e27fc, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e2810, pfContextAttr=0x21e0134, ptsExpiry=0x19e1c8 | out: phNewContext=0x21e185c, pOutput=0x21e2810, pfContextAttr=0x21e0134, ptsExpiry=0x19e1c8) returned 0x90312 [0152.877] recv (in: s=0x4ec, buf=0x21e28a0, len=5, flags=0 | out: buf=0x21e28a0*) returned 5 [0152.877] recv (in: s=0x4ec, buf=0x21e28b9, len=146, flags=0 | out: buf=0x21e28b9*) returned 146 [0152.877] InitializeSecurityContextW (in: phCredential=0x19e138, phContext=0x19e1c4, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e29bc, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e29d0, pfContextAttr=0x21e0134, ptsExpiry=0x19e130 | out: phNewContext=0x21e185c, pOutput=0x21e29d0, pfContextAttr=0x21e0134, ptsExpiry=0x19e130) returned 0x90312 [0152.878] recv (in: s=0x4ec, buf=0x21e2a60, len=5, flags=0 | out: buf=0x21e2a60*) returned 5 [0152.878] recv (in: s=0x4ec, buf=0x21e2a79, len=4, flags=0 | out: buf=0x21e2a79*) returned 4 [0152.878] InitializeSecurityContextW (in: phCredential=0x19e0a0, phContext=0x19e12c, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e2af0, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e2b04, pfContextAttr=0x21e0134, ptsExpiry=0x19e098 | out: phNewContext=0x21e185c, pOutput=0x21e2b04, pfContextAttr=0x21e0134, ptsExpiry=0x19e098) returned 0x90312 [0152.911] FreeContextBuffer (in: pvContextBuffer=0x6abd60 | out: pvContextBuffer=0x6abd60) returned 0x0 [0152.911] send (s=0x4ec, buf=0x21e2b80*, len=134, flags=0) returned 134 [0152.912] recv (in: s=0x4ec, buf=0x21e2b80, len=5, flags=0 | out: buf=0x21e2b80*) returned 5 [0152.926] recv (in: s=0x4ec, buf=0x21e2c2d, len=202, flags=0 | out: buf=0x21e2c2d*) returned 202 [0152.926] InitializeSecurityContextW (in: phCredential=0x19e008, phContext=0x19e094, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e2d68, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e2d7c, pfContextAttr=0x21e0134, ptsExpiry=0x19e000 | out: phNewContext=0x21e185c, pOutput=0x21e2d7c, pfContextAttr=0x21e0134, ptsExpiry=0x19e000) returned 0x90312 [0152.926] recv (in: s=0x4ec, buf=0x21e2e0c, len=5, flags=0 | out: buf=0x21e2e0c*) returned 5 [0152.926] recv (in: s=0x4ec, buf=0x21e2e25, len=1, flags=0 | out: buf=0x21e2e25*) returned 1 [0152.927] InitializeSecurityContextW (in: phCredential=0x19df70, phContext=0x19dffc, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e2e98, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e2eac, pfContextAttr=0x21e0134, ptsExpiry=0x19df68 | out: phNewContext=0x21e185c, pOutput=0x21e2eac, pfContextAttr=0x21e0134, ptsExpiry=0x19df68) returned 0x90312 [0152.927] recv (in: s=0x4ec, buf=0x21e2f3c, len=5, flags=0 | out: buf=0x21e2f3c*) returned 5 [0152.927] recv (in: s=0x4ec, buf=0x21e2f55, len=48, flags=0 | out: buf=0x21e2f55*) returned 48 [0152.927] InitializeSecurityContextW (in: phCredential=0x19ded8, phContext=0x19df64, pTargetName=0x21dedf4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x21e2ff8, Reserved2=0x0, phNewContext=0x21e185c, pOutput=0x21e300c, pfContextAttr=0x21e0134, ptsExpiry=0x19ded0 | out: phNewContext=0x21e185c, pOutput=0x21e300c, pfContextAttr=0x21e0134, ptsExpiry=0x19ded0) returned 0x0 [0153.602] QueryContextAttributesW (in: phContext=0x21e185c, ulAttribute=0x4, pBuffer=0x21e30b8 | out: pBuffer=0x21e30b8) returned 0x0 [0153.602] QueryContextAttributesW (in: phContext=0x21e185c, ulAttribute=0x5a, pBuffer=0x21e3110 | out: pBuffer=0x21e3110) returned 0x0 [0153.610] QueryContextAttributesW (in: phContext=0x21e185c, ulAttribute=0x53, pBuffer=0x21e33c4 | out: pBuffer=0x21e33c4) returned 0x0 [0153.650] CertDuplicateCertificateContext (pCertContext=0x6f7808) returned 0x6f7808 [0153.651] CertDuplicateStore (hCertStore=0x73a108) returned 0x73a108 [0153.651] CertEnumCertificatesInStore (hCertStore=0x73a108, pPrevCertContext=0x0) returned 0x6f78a8 [0153.652] CertDuplicateCertificateContext (pCertContext=0x6f78a8) returned 0x6f78a8 [0153.652] CertEnumCertificatesInStore (hCertStore=0x73a108, pPrevCertContext=0x6f78a8) returned 0x6f7808 [0153.652] CertDuplicateCertificateContext (pCertContext=0x6f7808) returned 0x6f7808 [0153.652] CertEnumCertificatesInStore (hCertStore=0x73a108, pPrevCertContext=0x6f7808) returned 0x0 [0153.652] CertCloseStore (hCertStore=0x73a108, dwFlags=0x0) returned 1 [0153.652] CertFreeCertificateContext (pCertContext=0x6f7808) returned 1 [0153.676] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x72cc80 [0153.678] CertAddCRLLinkToStore (in: hCertStore=0x72cc80, pCrlContext=0x6f78a8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0153.679] CertAddCRLLinkToStore (in: hCertStore=0x72cc80, pCrlContext=0x6f7808, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0153.702] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x6f7808, pTime=0x19dee4, hAdditionalStore=0x72cc80, pChainPara=0x19de24, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x19de18 | out: ppChainContext=0x19de18) returned 1 [0153.717] CertDuplicateCertificateChain (pChainContext=0x740728) returned 0x740728 [0153.719] CertDuplicateCertificateContext (pCertContext=0x6f7808) returned 0x6f7808 [0153.719] CertDuplicateCertificateContext (pCertContext=0x6f73f8) returned 0x6f73f8 [0153.719] CertDuplicateCertificateContext (pCertContext=0x74ab40) returned 0x74ab40 [0153.719] CertFreeCertificateChain (pChainContext=0x740728) [0153.720] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x740728, pPolicyPara=0x19dfc4, pPolicyStatus=0x19dfb0 | out: pPolicyStatus=0x19dfb0) returned 1 [0153.721] SetLastError (dwErrCode=0x0) [0153.723] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x740728, pPolicyPara=0x19e030, pPolicyStatus=0x19dfd8 | out: pPolicyStatus=0x19dfd8) returned 1 [0153.727] CertFreeCertificateChain (pChainContext=0x740728) [0153.727] CertFreeCertificateContext (pCertContext=0x6f7808) returned 1 [0153.729] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0153.729] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x733a80, nSize=0x104 | out: lpBuffer="") returned 0x0 [0153.729] CoTaskMemFree (pv=0x733a80) [0153.729] CoTaskMemAlloc (cb=0x20c) returned 0x732fb8 [0153.730] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x732fb8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0153.730] CoTaskMemFree (pv=0x732fb8) [0153.730] CoTaskMemAlloc (cb=0x20c) returned 0x732fb8 [0153.730] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x732fb8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0153.730] CoTaskMemFree (pv=0x732fb8) [0153.730] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0153.730] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x732b68, nSize=0x104 | out: lpBuffer="") returned 0x0 [0153.730] CoTaskMemFree (pv=0x732b68) [0153.731] EncryptMessage (in: phContext=0x21e185c, fQOP=0x0, pMessage=0x21eb5d4, MessageSeqNo=0x0 | out: pMessage=0x21eb5d4) returned 0x0 [0153.731] send (s=0x4ec, buf=0x21ea0ac*, len=117, flags=0) returned 117 [0153.732] setsockopt (s=0x4ec, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0153.734] recv (in: s=0x4ec, buf=0x21f786c, len=5, flags=0 | out: buf=0x21f786c*) returned 5 [0153.761] recv (in: s=0x4ec, buf=0x21f7871, len=1264, flags=0 | out: buf=0x21f7871*) returned 1264 [0153.762] DecryptMessage (in: phContext=0x21e185c, pMessage=0x21fb92c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x21fb92c, pfQOP=0x0) returned 0x0 [0153.764] setsockopt (s=0x4ec, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0153.894] _finite (_X=0x0) returned 1 [0153.919] CoTaskMemAlloc (cb=0x20c) returned 0x7340f8 [0153.919] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x7340f8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0153.921] CoTaskMemFree (pv=0x7340f8) [0153.921] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ebf4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0154.012] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x0) returned 0x2 [0154.013] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x0) returned 0x2 [0154.013] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x0) returned 0x2 [0154.013] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x5f0) returned 0x0 [0154.014] RegQueryInfoKeyW (in: hKey=0x5f0, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f694, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f690, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f694*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f690*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0154.014] RegEnumKeyExW (in: hKey=0x5f0, dwIndex=0x0, lpName=0x2203c64, lpcchName=0x19f6b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19f6b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0154.014] RegEnumKeyExW (in: hKey=0x5f0, dwIndex=0x1, lpName=0x2203c64, lpcchName=0x19f6b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19f6b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0154.014] RegEnumKeyExW (in: hKey=0x5f0, dwIndex=0x2, lpName=0x2203c64, lpcchName=0x19f6b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19f6b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0154.015] RegOpenKeyExW (in: hKey=0x5f0, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x5e0) returned 0x0 [0154.016] RegQueryValueExW (in: hKey=0x5e0, lpValueName="Email", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.017] RegCloseKey (hKey=0x5e0) returned 0x0 [0154.017] RegOpenKeyExW (in: hKey=0x5f0, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x5e0) returned 0x0 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="Email", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x1, lpData=0x0, lpcbData=0x19f688*=0x1e) returned 0x0 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="Email", lpReserved=0x0, lpType=0x19f68c, lpData=0x22041a0, lpcbData=0x19f688*=0x1e | out: lpType=0x19f68c*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f688*=0x1e) returned 0x0 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x3, lpData=0x0, lpcbData=0x19f688*=0x121) returned 0x0 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x22041f8, lpcbData=0x19f688*=0x121 | out: lpType=0x19f68c*=0x3, lpData=0x22041f8*, lpcbData=0x19f688*=0x121) returned 0x0 [0154.017] RegQueryValueExW (in: hKey=0x5e0, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.018] RegQueryValueExW (in: hKey=0x5e0, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.018] RegQueryValueExW (in: hKey=0x5e0, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.018] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x3, lpData=0x0, lpcbData=0x19f688*=0x121) returned 0x0 [0154.018] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x2204328, lpcbData=0x19f688*=0x121 | out: lpType=0x19f68c*=0x3, lpData=0x2204328*, lpcbData=0x19f688*=0x121) returned 0x0 [0154.018] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x3, lpData=0x0, lpcbData=0x19f688*=0x121) returned 0x0 [0154.018] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x2204458, lpcbData=0x19f688*=0x121 | out: lpType=0x19f68c*=0x3, lpData=0x2204458*, lpcbData=0x19f688*=0x121) returned 0x0 [0154.137] CryptUnprotectData (in: pDataIn=0x19f650, ppszDataDescr=0x0, pOptionalEntropy=0x19f648, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f658 | out: ppszDataDescr=0x0, pDataOut=0x19f658) returned 1 [0154.151] LocalFree (hMem=0x6fd290) returned 0x0 [0154.169] RegQueryValueExW (in: hKey=0x5e0, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.170] RegQueryValueExW (in: hKey=0x5e0, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.170] RegQueryValueExW (in: hKey=0x5e0, lpValueName="Email", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x1, lpData=0x0, lpcbData=0x19f688*=0x1e) returned 0x0 [0154.170] RegQueryValueExW (in: hKey=0x5e0, lpValueName="Email", lpReserved=0x0, lpType=0x19f68c, lpData=0x2204788, lpcbData=0x19f688*=0x1e | out: lpType=0x19f68c*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f688*=0x1e) returned 0x0 [0154.216] RegQueryValueExW (in: hKey=0x5e0, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x1, lpData=0x0, lpcbData=0x19f688*=0x1c) returned 0x0 [0154.216] RegQueryValueExW (in: hKey=0x5e0, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f68c, lpData=0x2205c08, lpcbData=0x19f688*=0x1c | out: lpType=0x19f68c*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f688*=0x1c) returned 0x0 [0154.223] RegCloseKey (hKey=0x5e0) returned 0x0 [0154.223] RegOpenKeyExW (in: hKey=0x5f0, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f66c | out: phkResult=0x19f66c*=0x5e0) returned 0x0 [0154.223] RegQueryValueExW (in: hKey=0x5e0, lpValueName="Email", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.223] RegQueryValueExW (in: hKey=0x5e0, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.223] RegQueryValueExW (in: hKey=0x5e0, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.223] RegQueryValueExW (in: hKey=0x5e0, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.223] RegQueryValueExW (in: hKey=0x5e0, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f68c, lpData=0x0, lpcbData=0x19f688*=0x0 | out: lpType=0x19f68c*=0x0, lpData=0x0, lpcbData=0x19f688*=0x0) returned 0x2 [0154.223] RegCloseKey (hKey=0x5e0) returned 0x0 [0154.238] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Classes\\Foxmail.url.mailto\\Shell\\open\\command", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f71c | out: phkResult=0x19f71c*=0x0) returned 0x2 [0154.327] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0154.327] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.328] CoTaskMemFree (pv=0x733408) [0154.328] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.365] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58 [0154.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.366] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.405] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data", lpFilePart=0x0) returned 0x58 [0154.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\ya login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.423] CoTaskMemAlloc (cb=0x20c) returned 0x7340f8 [0154.423] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x7340f8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.424] CoTaskMemFree (pv=0x7340f8) [0154.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0154.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0154.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.452] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0154.452] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.452] CoTaskMemFree (pv=0x733408) [0154.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.453] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0154.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x45 [0154.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xpom\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xpom\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.478] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0154.478] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.478] CoTaskMemFree (pv=0x733408) [0154.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0154.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.486] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0154.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.507] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0154.507] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.507] CoTaskMemFree (pv=0x734548) [0154.507] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.507] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.507] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Nichrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nichrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.529] CoTaskMemAlloc (cb=0x20c) returned 0x733ca8 [0154.529] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733ca8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.529] CoTaskMemFree (pv=0x733ca8) [0154.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0154.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.533] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0154.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.550] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0154.550] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.550] CoTaskMemFree (pv=0x733a80) [0154.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0154.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.554] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0154.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.575] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0154.575] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.575] CoTaskMemFree (pv=0x732b68) [0154.575] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.575] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0154.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.580] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0154.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.581] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.600] CoTaskMemAlloc (cb=0x20c) returned 0x732d90 [0154.600] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732d90 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.600] CoTaskMemFree (pv=0x732d90) [0154.600] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.600] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.600] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.600] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.604] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.604] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.622] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0154.622] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.622] CoTaskMemFree (pv=0x734548) [0154.622] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.622] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\slimjet\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.626] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Slimjet\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\slimjet\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.644] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0154.644] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.645] CoTaskMemFree (pv=0x733408) [0154.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.678] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0154.678] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.678] CoTaskMemFree (pv=0x733a80) [0154.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.684] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x48 [0154.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.704] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0154.704] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.704] CoTaskMemFree (pv=0x733a80) [0154.704] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.704] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.709] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.730] CoTaskMemAlloc (cb=0x20c) returned 0x733858 [0154.730] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733858 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.730] CoTaskMemFree (pv=0x733858) [0154.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.734] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0154.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.751] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0154.751] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.752] CoTaskMemFree (pv=0x732b68) [0154.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0154.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ghostbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.759] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4d [0154.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\GhostBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ghostbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.772] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0154.772] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.772] CoTaskMemFree (pv=0x733408) [0154.773] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.773] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0154.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0154.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.803] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0154.803] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.803] CoTaskMemFree (pv=0x732b68) [0154.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.804] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0154.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xvast\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.809] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0154.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Xvast\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\xvast\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.828] CoTaskMemAlloc (cb=0x20c) returned 0x732fb8 [0154.828] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732fb8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.828] CoTaskMemFree (pv=0x732fb8) [0154.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0154.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x47 [0154.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.895] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0154.895] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.895] CoTaskMemFree (pv=0x733408) [0154.895] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0154.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\superbird\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.900] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0154.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.900] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SuperBird\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\superbird\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.919] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0154.919] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.919] CoTaskMemFree (pv=0x734548) [0154.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0154.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.919] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.924] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x53 [0154.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Browser\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360browser\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.943] CoTaskMemAlloc (cb=0x20c) returned 0x733858 [0154.943] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733858 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.943] CoTaskMemFree (pv=0x733858) [0154.943] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.943] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0154.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0154.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.950] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.968] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0154.968] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.968] CoTaskMemFree (pv=0x733a80) [0154.968] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.968] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0154.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0154.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0154.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0154.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0154.995] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0154.995] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0154.995] CoTaskMemFree (pv=0x732b68) [0154.995] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0154.995] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x5c [0154.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0154.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.003] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x5c [0155.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.022] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0155.023] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.023] CoTaskMemFree (pv=0x734548) [0155.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0155.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.030] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0155.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.047] CoTaskMemAlloc (cb=0x20c) returned 0x733ed0 [0155.047] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733ed0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.047] CoTaskMemFree (pv=0x733ed0) [0155.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", lpFilePart=0x0) returned 0x55 [0155.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.048] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\user data_i18n\\default\\uc login data.18"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.052] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18", lpFilePart=0x0) returned 0x55 [0155.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\User Data_i18n\\Default\\UC Login Data.18" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\user data_i18n\\default\\uc login data.18"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.075] CoTaskMemAlloc (cb=0x20c) returned 0x733ed0 [0155.075] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733ed0 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.076] CoTaskMemFree (pv=0x733ed0) [0155.076] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.076] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0155.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blisk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0155.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Blisk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blisk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.098] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0155.098] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.099] CoTaskMemFree (pv=0x734548) [0155.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0155.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.177] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0155.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", nBufferLength=0x105, lpBuffer=0x19f140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", lpFilePart=0x0) returned 0x4c [0155.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f5a0) returned 1 [0155.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f61c | out: lpFileInformation=0x19f61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f59c) returned 1 [0155.239] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat", nBufferLength=0x105, lpBuffer=0x19f140, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat", lpFilePart=0x0) returned 0x42 [0155.239] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f5a0) returned 1 [0155.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera\\Opera\\profile\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera\\opera\\profile\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f61c | out: lpFileInformation=0x19f61c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f59c) returned 1 [0155.240] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f090, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0155.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f4f0) returned 1 [0155.240] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x19f56c | out: lpFileInformation=0x19f56c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xc85b003d, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0xc85b003d, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0155.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f4ec) returned 1 [0155.370] CoTaskMemAlloc (cb=0x20c) returned 0x733ed0 [0155.370] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x733ed0, nSize=0x104 | out: lpBuffer="") returned 0x25 [0155.370] CoTaskMemFree (pv=0x733ed0) [0155.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19eef8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0155.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f3ec) returned 1 [0155.371] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0155.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d610) returned 1 [0155.745] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0155.745] GetEnvironmentVariableW (in: lpName="AppData", lpBuffer=0x732b68, nSize=0x104 | out: lpBuffer="") returned 0x25 [0155.745] CoTaskMemFree (pv=0x732b68) [0155.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml", nBufferLength=0x105, lpBuffer=0x19f338, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml", lpFilePart=0x0) returned 0x3a [0155.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f798) returned 1 [0155.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\.purple\\accounts.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\.purple\\accounts.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f814 | out: lpFileInformation=0x19f814*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f794) returned 1 [0155.784] CoTaskMemAlloc (cb=0x20c) returned 0x733ca8 [0155.784] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733ca8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.784] CoTaskMemFree (pv=0x733ca8) [0155.784] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f0f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.784] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19f0e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x4e [0155.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f540) returned 1 [0155.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Liebao7\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao7\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19f5bc | out: lpFileInformation=0x19f5bc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f53c) returned 1 [0155.836] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0155.836] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.836] CoTaskMemFree (pv=0x733408) [0155.836] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.836] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0155.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f524) returned 1 [0155.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\AVAST Software\\Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\avast software\\browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f5a0 | out: lpFileInformation=0x19f5a0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f520) returned 1 [0155.858] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0155.858] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.858] CoTaskMemFree (pv=0x734548) [0155.858] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.859] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0155.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kinza\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x46 [0155.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kinza\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kinza\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.883] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0155.883] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.883] CoTaskMemFree (pv=0x732b68) [0155.883] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.884] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0155.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blackhawk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4a [0155.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BlackHawk\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\blackhawk\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.907] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0155.907] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.907] CoTaskMemFree (pv=0x733408) [0155.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0155.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.911] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x55 [0155.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.911] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.928] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0155.928] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.928] CoTaskMemFree (pv=0x734548) [0155.928] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.928] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0155.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0155.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.951] CoTaskMemAlloc (cb=0x20c) returned 0x733408 [0155.951] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733408 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.951] CoTaskMemFree (pv=0x733408) [0155.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0155.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4e [0155.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.978] CoTaskMemAlloc (cb=0x20c) returned 0x733630 [0155.978] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733630 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.978] CoTaskMemFree (pv=0x733630) [0155.978] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.978] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0155.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.978] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0155.982] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4c [0155.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0155.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0155.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0155.999] CoTaskMemAlloc (cb=0x20c) returned 0x732fb8 [0155.999] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732fb8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0155.999] CoTaskMemFree (pv=0x732fb8) [0155.999] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0155.999] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0155.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0155.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.003] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0156.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.022] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0156.022] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x734548, nSize=0x104 | out: lpBuffer="") returned 0x25 [0156.022] CoTaskMemFree (pv=0x734548) [0156.022] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x6c [0156.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.032] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data", lpFilePart=0x0) returned 0x6c [0156.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.048] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0156.048] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.048] CoTaskMemFree (pv=0x733a80) [0156.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0156.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.048] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.052] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x52 [0156.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome SxS\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome sxs\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.072] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0156.072] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.073] CoTaskMemFree (pv=0x733a80) [0156.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0156.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.077] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x57 [0156.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.095] CoTaskMemAlloc (cb=0x20c) returned 0x733630 [0156.095] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733630 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.095] CoTaskMemFree (pv=0x733630) [0156.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0156.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\salamweb\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x49 [0156.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\SalamWeb\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\salamweb\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.119] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0156.119] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.119] CoTaskMemFree (pv=0x732b68) [0156.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0156.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.119] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0156.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.141] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0156.141] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.141] CoTaskMemFree (pv=0x732b68) [0156.141] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.141] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0156.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.147] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x50 [0156.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.164] CoTaskMemAlloc (cb=0x20c) returned 0x733ca8 [0156.164] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x733ca8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.164] CoTaskMemFree (pv=0x733ca8) [0156.164] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.165] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0156.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.170] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x51 [0156.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.188] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0156.188] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0156.189] CoTaskMemFree (pv=0x734548) [0156.189] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19f28c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0156.189] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f274, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0156.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6d4) returned 1 [0156.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f750 | out: lpFileInformation=0x19f750*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f6d0) returned 1 [0156.193] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", nBufferLength=0x105, lpBuffer=0x19f324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data", lpFilePart=0x0) returned 0x4f [0156.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f784) returned 1 [0156.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Login Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0x19f800 | out: lpFileInformation=0x19f800*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f780) returned 1 [0156.201] CoTaskMemAlloc (cb=0x20c) returned 0x733858 [0156.202] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x733858 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0156.202] CoTaskMemFree (pv=0x733858) [0156.202] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f2e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0156.217] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19f300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0156.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f75c) returned 1 [0156.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x19f7d8 | out: lpFileInformation=0x19f7d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f758) returned 1 [0156.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19f300, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0156.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f75c) returned 1 [0156.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), fInfoLevelId=0x0, lpFileInformation=0x19f7d8 | out: lpFileInformation=0x19f7d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0156.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f758) returned 1 [0156.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", nBufferLength=0x105, lpBuffer=0x19f208, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\", lpFilePart=0x0) returned 0x44 [0156.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f6fc) returned 1 [0156.528] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\discord\\Local Storage\\leveldb\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\discord\\local storage\\leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0156.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ddd8) returned 1 [0156.953] CoTaskMemAlloc (cb=0x20c) returned 0x733a80 [0156.953] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x733a80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0156.953] CoTaskMemFree (pv=0x733a80) [0156.954] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0156.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0156.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles", lpFilePart=0x0) returned 0x3d [0156.957] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\", lpFilePart=0x0) returned 0x3e [0156.958] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0156.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0156.984] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0156.984] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0156.984] CoTaskMemFree (pv=0x732b68) [0156.984] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0156.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0156.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles", lpFilePart=0x0) returned 0x44 [0156.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\", lpFilePart=0x0) returned 0x45 [0156.985] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashPeak\\SlimBrowser\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0156.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.013] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0157.013] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.013] CoTaskMemFree (pv=0x734548) [0157.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpFilePart=0x0) returned 0x3e [0157.013] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpFilePart=0x0) returned 0x3f [0157.014] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.042] CoTaskMemAlloc (cb=0x20c) returned 0x732b68 [0157.042] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x732b68 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.042] CoTaskMemFree (pv=0x732b68) [0157.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpFilePart=0x0) returned 0x3b [0157.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\", lpFilePart=0x0) returned 0x3b [0157.043] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.071] CoTaskMemAlloc (cb=0x20c) returned 0x733ca8 [0157.071] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x733ca8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.072] CoTaskMemFree (pv=0x733ca8) [0157.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles", lpFilePart=0x0) returned 0x40 [0157.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\", lpFilePart=0x0) returned 0x41 [0157.072] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.096] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0157.096] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.096] CoTaskMemFree (pv=0x734548) [0157.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles", lpFilePart=0x0) returned 0x3f [0157.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\", lpFilePart=0x0) returned 0x40 [0157.097] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.125] CoTaskMemAlloc (cb=0x20c) returned 0x733630 [0157.125] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x733630 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.125] CoTaskMemFree (pv=0x733630) [0157.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles", lpFilePart=0x0) returned 0x44 [0157.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\", lpFilePart=0x0) returned 0x45 [0157.125] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.149] CoTaskMemAlloc (cb=0x20c) returned 0x733ca8 [0157.149] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x733ca8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.149] CoTaskMemFree (pv=0x733ca8) [0157.149] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.150] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles", lpFilePart=0x0) returned 0x4e [0157.150] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\", lpFilePart=0x0) returned 0x4f [0157.150] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.176] CoTaskMemAlloc (cb=0x20c) returned 0x734548 [0157.176] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x734548 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.176] CoTaskMemFree (pv=0x734548) [0157.176] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.176] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles", lpFilePart=0x0) returned 0x37 [0157.176] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\", lpFilePart=0x0) returned 0x38 [0157.176] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.206] CoTaskMemAlloc (cb=0x20c) returned 0x732fb8 [0157.206] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x732fb8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0157.206] CoTaskMemFree (pv=0x732fb8) [0157.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19f238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0157.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f7a4) returned 1 [0157.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles", nBufferLength=0x105, lpBuffer=0x19f2ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles", lpFilePart=0x0) returned 0x39 [0157.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\", nBufferLength=0x105, lpBuffer=0x19f280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\", lpFilePart=0x0) returned 0x3a [0157.206] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\PostboxApp\\Profiles\\*", lpFindFileData=0x19f4cc | out: lpFindFileData=0x19f4cc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0157.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f768) returned 1 [0157.738] GetUserNameW (in: lpBuffer=0x19f504, pcbBuffer=0x19f77c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f77c) returned 1 [0157.804] GetUserNameW (in: lpBuffer=0x19f504, pcbBuffer=0x19f77c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f77c) returned 1 [0157.806] GetUserNameW (in: lpBuffer=0x19f504, pcbBuffer=0x19f77c | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f77c) returned 1 [0158.053] QueryPerformanceCounter (in: lpPerformanceCount=0x19f5ec | out: lpPerformanceCount=0x19f5ec*=1555804190660) returned 1 [0158.055] SetEvent (hEvent=0x3d8) returned 1 [0158.057] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5e0 [0158.058] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5f8 [0158.058] GetAddrInfoW (in: pNodeName="api.telegram.org", pServiceName=0x0, pHints=0x19f334*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f2dc | out: ppResult=0x19f2dc*=0x72c428*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.telegram.org", ai_addr=0x736c18*(sa_family=2, sin_port=0x0, sin_addr="149.154.167.220"), ai_next=0x0)) returned 0 [0158.067] FreeAddrInfoW (pAddrInfo=0x72c428*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.telegram.org", ai_addr=0x736c18*(sa_family=2, sin_port=0x0, sin_addr="149.154.167.220"), ai_next=0x0)) [0158.068] WSAConnect (in: s=0x5e0, name=0x225e0f4*(sa_family=2, sin_port=0x1bb, sin_addr="149.154.167.220"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0158.093] closesocket (s=0x5f8) returned 0 [0158.095] GetCurrentProcess () returned 0xffffffff [0158.095] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f064 | out: TokenHandle=0x19f064*=0x5f8) returned 1 [0158.095] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x21e0160, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x19f0b8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x22600f8, ptsExpiry=0x19f03c | out: phCredential=0x22600f8, ptsExpiry=0x19f03c) returned 0x0 [0158.097] InitializeSecurityContextW (in: phCredential=0x19f07c, phContext=0x0, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2260108, pfContextAttr=0x225ffc4, ptsExpiry=0x19f074 | out: phNewContext=0x2260170, pOutput=0x2260108, pfContextAttr=0x225ffc4, ptsExpiry=0x19f074) returned 0x90312 [0158.098] FreeContextBuffer (in: pvContextBuffer=0x740ed0 | out: pvContextBuffer=0x740ed0) returned 0x0 [0158.098] send (s=0x5e0, buf=0x2260184*, len=184, flags=0) returned 184 [0158.099] recv (in: s=0x5e0, buf=0x2260184, len=5, flags=0 | out: buf=0x2260184*) returned 5 [0158.142] recv (in: s=0x5e0, buf=0x2260189, len=69, flags=0 | out: buf=0x2260189*) returned 69 [0158.142] InitializeSecurityContextW (in: phCredential=0x19efe0, phContext=0x19f06c, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22602ec, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2260300, pfContextAttr=0x225ffc4, ptsExpiry=0x19efd8 | out: phNewContext=0x2260170, pOutput=0x2260300, pfContextAttr=0x225ffc4, ptsExpiry=0x19efd8) returned 0x90312 [0158.144] recv (in: s=0x5e0, buf=0x2260390, len=5, flags=0 | out: buf=0x2260390*) returned 5 [0158.144] recv (in: s=0x5e0, buf=0x22603a9, len=5166, flags=0 | out: buf=0x22603a9*) returned 5166 [0158.144] InitializeSecurityContextW (in: phCredential=0x19ef48, phContext=0x19efd4, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261848, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x226185c, pfContextAttr=0x225ffc4, ptsExpiry=0x19ef40 | out: phNewContext=0x2260170, pOutput=0x226185c, pfContextAttr=0x225ffc4, ptsExpiry=0x19ef40) returned 0x90312 [0158.148] recv (in: s=0x5e0, buf=0x22618ec, len=5, flags=0 | out: buf=0x22618ec*) returned 5 [0158.149] recv (in: s=0x5e0, buf=0x2261905, len=333, flags=0 | out: buf=0x2261905*) returned 333 [0158.149] InitializeSecurityContextW (in: phCredential=0x19eeb0, phContext=0x19ef3c, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261ac4, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2261ad8, pfContextAttr=0x225ffc4, ptsExpiry=0x19eea8 | out: phNewContext=0x2260170, pOutput=0x2261ad8, pfContextAttr=0x225ffc4, ptsExpiry=0x19eea8) returned 0x90312 [0158.149] recv (in: s=0x5e0, buf=0x2261b68, len=5, flags=0 | out: buf=0x2261b68*) returned 5 [0158.149] recv (in: s=0x5e0, buf=0x2261b81, len=4, flags=0 | out: buf=0x2261b81*) returned 4 [0158.150] InitializeSecurityContextW (in: phCredential=0x19ee18, phContext=0x19eea4, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261bf8, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2261c0c, pfContextAttr=0x225ffc4, ptsExpiry=0x19ee10 | out: phNewContext=0x2260170, pOutput=0x2261c0c, pfContextAttr=0x225ffc4, ptsExpiry=0x19ee10) returned 0x90312 [0158.170] FreeContextBuffer (in: pvContextBuffer=0x718600 | out: pvContextBuffer=0x718600) returned 0x0 [0158.170] send (s=0x5e0, buf=0x2261c88*, len=126, flags=0) returned 126 [0158.171] recv (in: s=0x5e0, buf=0x2261c88, len=5, flags=0 | out: buf=0x2261c88*) returned 5 [0158.191] recv (in: s=0x5e0, buf=0x2261d2d, len=218, flags=0 | out: buf=0x2261d2d*) returned 218 [0158.191] InitializeSecurityContextW (in: phCredential=0x19ed80, phContext=0x19ee0c, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261e78, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2261e8c, pfContextAttr=0x225ffc4, ptsExpiry=0x19ed78 | out: phNewContext=0x2260170, pOutput=0x2261e8c, pfContextAttr=0x225ffc4, ptsExpiry=0x19ed78) returned 0x90312 [0158.192] recv (in: s=0x5e0, buf=0x2261f1c, len=5, flags=0 | out: buf=0x2261f1c*) returned 5 [0158.192] recv (in: s=0x5e0, buf=0x2261f35, len=1, flags=0 | out: buf=0x2261f35*) returned 1 [0158.194] InitializeSecurityContextW (in: phCredential=0x19ece8, phContext=0x19ed74, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2261fa8, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2261fbc, pfContextAttr=0x225ffc4, ptsExpiry=0x19ece0 | out: phNewContext=0x2260170, pOutput=0x2261fbc, pfContextAttr=0x225ffc4, ptsExpiry=0x19ece0) returned 0x90312 [0158.195] recv (in: s=0x5e0, buf=0x226204c, len=5, flags=0 | out: buf=0x226204c*) returned 5 [0158.195] recv (in: s=0x5e0, buf=0x2262065, len=40, flags=0 | out: buf=0x2262065*) returned 40 [0158.195] InitializeSecurityContextW (in: phCredential=0x19ec50, phContext=0x19ecdc, pTargetName=0x225e148, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2262100, Reserved2=0x0, phNewContext=0x2260170, pOutput=0x2262114, pfContextAttr=0x225ffc4, ptsExpiry=0x19ec48 | out: phNewContext=0x2260170, pOutput=0x2262114, pfContextAttr=0x225ffc4, ptsExpiry=0x19ec48) returned 0x0 [0158.199] QueryContextAttributesW (in: phContext=0x2260170, ulAttribute=0x4, pBuffer=0x22621a4 | out: pBuffer=0x22621a4) returned 0x0 [0158.199] QueryContextAttributesW (in: phContext=0x2260170, ulAttribute=0x5a, pBuffer=0x22621e0 | out: pBuffer=0x22621e0) returned 0x0 [0158.199] QueryContextAttributesW (in: phContext=0x2260170, ulAttribute=0x53, pBuffer=0x226222c | out: pBuffer=0x226222c) returned 0x0 [0158.200] CertDuplicateCertificateContext (pCertContext=0x74a410) returned 0x74a410 [0158.200] CertDuplicateStore (hCertStore=0x74bb58) returned 0x74bb58 [0158.200] CertEnumCertificatesInStore (hCertStore=0x74bb58, pPrevCertContext=0x0) returned 0x74a7d0 [0158.200] CertDuplicateCertificateContext (pCertContext=0x74a7d0) returned 0x74a7d0 [0158.200] CertEnumCertificatesInStore (hCertStore=0x74bb58, pPrevCertContext=0x74a7d0) returned 0x74acd0 [0158.200] CertDuplicateCertificateContext (pCertContext=0x74acd0) returned 0x74acd0 [0158.200] CertEnumCertificatesInStore (hCertStore=0x74bb58, pPrevCertContext=0x74acd0) returned 0x74aa50 [0158.200] CertDuplicateCertificateContext (pCertContext=0x74aa50) returned 0x74aa50 [0158.201] CertEnumCertificatesInStore (hCertStore=0x74bb58, pPrevCertContext=0x74aa50) returned 0x74a410 [0158.201] CertDuplicateCertificateContext (pCertContext=0x74a410) returned 0x74a410 [0158.201] CertEnumCertificatesInStore (hCertStore=0x74bb58, pPrevCertContext=0x74a410) returned 0x0 [0158.201] CertCloseStore (hCertStore=0x74bb58, dwFlags=0x0) returned 1 [0158.201] CertFreeCertificateContext (pCertContext=0x74a410) returned 1 [0158.201] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x74bbd0 [0158.202] CertAddCRLLinkToStore (in: hCertStore=0x74bbd0, pCrlContext=0x74a7d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0158.202] CertAddCRLLinkToStore (in: hCertStore=0x74bbd0, pCrlContext=0x74acd0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0158.202] CertAddCRLLinkToStore (in: hCertStore=0x74bbd0, pCrlContext=0x74aa50, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0158.202] CertAddCRLLinkToStore (in: hCertStore=0x74bbd0, pCrlContext=0x74a410, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0158.202] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x74a410, pTime=0x19ec5c, hAdditionalStore=0x74bbd0, pChainPara=0x19eb9c, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x19eb90 | out: ppChainContext=0x19eb90) returned 1 [0158.206] CertDuplicateCertificateChain (pChainContext=0x7681e0) returned 0x7681e0 [0158.206] CertDuplicateCertificateContext (pCertContext=0x74a410) returned 0x74a410 [0158.206] CertDuplicateCertificateContext (pCertContext=0x74a640) returned 0x74a640 [0158.207] CertDuplicateCertificateContext (pCertContext=0x74a690) returned 0x74a690 [0158.207] CertDuplicateCertificateContext (pCertContext=0x74a870) returned 0x74a870 [0158.207] CertFreeCertificateChain (pChainContext=0x7681e0) [0158.207] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x7681e0, pPolicyPara=0x19ed3c, pPolicyStatus=0x19ed28 | out: pPolicyStatus=0x19ed28) returned 1 [0158.207] SetLastError (dwErrCode=0x0) [0158.207] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x7681e0, pPolicyPara=0x19eda8, pPolicyStatus=0x19ed50 | out: pPolicyStatus=0x19ed50) returned 1 [0158.207] CertFreeCertificateChain (pChainContext=0x7681e0) [0158.207] CertFreeCertificateContext (pCertContext=0x74a410) returned 1 [0158.209] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2277ffc, MessageSeqNo=0x0 | out: pMessage=0x2277ffc) returned 0x0 [0158.209] send (s=0x5e0, buf=0x21e8c94*, len=395, flags=0) returned 395 [0158.212] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2278134, MessageSeqNo=0x0 | out: pMessage=0x2278134) returned 0x0 [0158.212] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0158.212] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0158.215] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0158.419] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0158.420] DecryptMessage (in: phContext=0x2260170, pMessage=0x22b86bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22b86bc, pfQOP=0x0) returned 0x0 [0158.421] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0166.454] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74790000 [0166.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f718, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x90i;í2\x9d «\x0elTü\x19", lpUsedDefaultChar=0x0) returned 14 [0166.455] GetProcAddress (hModule=0x74790000, lpProcName="DefWindowProcW") returned 0x7797aee0 [0166.456] GetStockObject (i=5) returned 0x1900015 [0166.459] GetModuleHandleW (lpModuleName=0x0) returned 0x4620000 [0166.465] CoTaskMemAlloc (cb=0x5c) returned 0x72f808 [0166.465] RegisterClassW (lpWndClass=0x19f708) returned 0xc1d4 [0166.467] CoTaskMemFree (pv=0x72f808) [0166.467] GetModuleHandleW (lpModuleName=0x0) returned 0x4620000 [0166.468] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.1f550a4_r32_ad1", lpWindowName="TimerNativeWindow", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x4620000, lpParam=0x0) returned 0x502e0 [0166.483] SetWindowLongW (hWnd=0x502e0, nIndex=-4, dwNewLong=2006429408) returned 73810366 [0166.486] GetWindowLongW (hWnd=0x502e0, nIndex=-4) returned 2006429408 [0166.487] GetCurrentProcess () returned 0xffffffff [0166.487] GetCurrentThread () returned 0xfffffffe [0166.487] GetCurrentProcess () returned 0xffffffff [0166.487] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19efe0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19efe0*=0x604) returned 1 [0166.511] GetCurrentThreadId () returned 0xe9c [0166.513] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef64 | out: phkResult=0x19ef64*=0x608) returned 0x0 [0166.513] RegQueryValueExW (in: hKey=0x608, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19ef84, lpData=0x0, lpcbData=0x19ef80*=0x0 | out: lpType=0x19ef84*=0x0, lpData=0x0, lpcbData=0x19ef80*=0x0) returned 0x2 [0166.513] RegQueryValueExW (in: hKey=0x608, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19ef84, lpData=0x0, lpcbData=0x19ef80*=0x0 | out: lpType=0x19ef84*=0x0, lpData=0x0, lpcbData=0x19ef80*=0x0) returned 0x2 [0166.514] RegCloseKey (hKey=0x608) returned 0x0 [0166.516] SetWindowLongW (hWnd=0x502e0, nIndex=-4, dwNewLong=73810406) returned 2006429408 [0166.516] GetWindowLongW (hWnd=0x502e0, nIndex=-4) returned 73810406 [0166.516] GetWindowLongW (hWnd=0x502e0, nIndex=-16) returned 79691776 [0166.517] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502e0, Msg=0x24, wParam=0x0, lParam=0x19f27c) returned 0x0 [0166.518] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc129 [0166.518] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502e0, Msg=0x81, wParam=0x0, lParam=0x19f270) returned 0x1 [0166.520] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502e0, Msg=0x83, wParam=0x0, lParam=0x19f25c) returned 0x0 [0166.524] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x502e0, Msg=0x1, wParam=0x0, lParam=0x19f270) returned 0x0 [0166.526] SetTimer (hWnd=0x502e0, nIDEvent=0x1, uElapse=0x64, lpTimerFunc=0x0) returned 0x1 [0166.528] GetWindowThreadProcessId (in: hWnd=0x502e0, lpdwProcessId=0x19f848 | out: lpdwProcessId=0x19f848) returned 0xe9c [0166.528] GetCurrentThreadId () returned 0xe9c [0166.528] IsWindow (hWnd=0x502e0) returned 1 [0166.528] KillTimer (hWnd=0x502e0, uIDEvent=0x1) returned 1 [0166.528] SetTimer (hWnd=0x502e0, nIDEvent=0x2, uElapse=0x4992636, lpTimerFunc=0x0) returned 0x2 [0175.553] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1d2 [0175.553] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1d3 [0175.556] GetSystemMetrics (nIndex=75) returned 1 [0175.574] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0175.583] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x68770000 [0175.597] GetStockObject (i=5) returned 0x1900015 [0175.598] GetModuleHandleW (lpModuleName=0x0) returned 0x4620000 [0175.598] CoTaskMemAlloc (cb=0x5c) returned 0x72ef18 [0175.598] RegisterClassW (lpWndClass=0x19f650) returned 0xc1c0 [0175.599] CoTaskMemFree (pv=0x72ef18) [0175.599] GetModuleHandleW (lpModuleName=0x0) returned 0x4620000 [0175.599] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1f550a4_r32_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x4620000, lpParam=0x0) returned 0x601e8 [0175.600] SetWindowLongW (hWnd=0x601e8, nIndex=-4, dwNewLong=2006429408) returned 73810446 [0175.600] GetWindowLongW (hWnd=0x601e8, nIndex=-4) returned 2006429408 [0175.600] SetWindowLongW (hWnd=0x601e8, nIndex=-4, dwNewLong=73810486) returned 2006429408 [0175.600] GetWindowLongW (hWnd=0x601e8, nIndex=-4) returned 73810486 [0175.600] GetWindowLongW (hWnd=0x601e8, nIndex=-16) returned 113311744 [0175.601] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1da [0175.601] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x601e8, Msg=0x24, wParam=0x0, lParam=0x19f1c4) returned 0x0 [0175.601] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x601e8, Msg=0x81, wParam=0x0, lParam=0x19f1b8) returned 0x1 [0175.606] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x601e8, Msg=0x83, wParam=0x0, lParam=0x19f1a4) returned 0x0 [0175.607] CallWindowProcW (lpPrevWndFunc=0x7797aee0, hWnd=0x601e8, Msg=0x1, wParam=0x0, lParam=0x19f1b8) returned 0x0 [0175.607] GetClientRect (in: hWnd=0x601e8, lpRect=0x19eee4 | out: lpRect=0x19eee4) returned 1 [0175.607] GetWindowRect (in: hWnd=0x601e8, lpRect=0x19eee4 | out: lpRect=0x19eee4) returned 1 [0175.609] GetParent (hWnd=0x601e8) returned 0x0 [0175.611] OleInitialize (pvReserved=0x0) returned 0x80010106 [0175.613] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f870 | out: lplpMessageFilter=0x19f870*=0x0) returned 0x80004021 [0175.614] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0175.615] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0175.615] WaitMessage () returned 1 [0176.526] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0176.527] IsWindowUnicode (hWnd=0x502e0) returned 1 [0176.527] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0176.556] TranslateMessage (lpMsg=0x19f844) returned 0 [0176.556] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0176.594] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0176.595] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0176.596] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0176.598] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9271224079487) returned 1 [0176.645] GetCurrentProcess () returned 0xffffffff [0176.645] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f0ec | out: TokenHandle=0x19f0ec*=0x614) returned 1 [0176.958] RegNotifyChangeKeyValue (hKey=0x404, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x408, fAsynchronous=1) returned 0x0 [0177.149] GetCurrentProcess () returned 0xffffffff [0177.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f0b8 | out: TokenHandle=0x19f0b8*=0x618) returned 1 [0177.170] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19f0ac | out: pProxyConfig=0x19f0ac) returned 1 [0177.181] SetEvent (hEvent=0x3d8) returned 1 [0177.182] select (in: nfds=0, readfds=0x22c1cf0, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22c1cf0, writefds=0x0, exceptfds=0x0) returned 0 [0177.183] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22c37d8, MessageSeqNo=0x0 | out: pMessage=0x22c37d8) returned 0x0 [0177.184] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0177.185] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22c3904, MessageSeqNo=0x0 | out: pMessage=0x22c3904) returned 0x0 [0177.185] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0177.186] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0177.186] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0177.319] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0177.319] DecryptMessage (in: phContext=0x2260170, pMessage=0x22c3a94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22c3a94, pfQOP=0x0) returned 0x0 [0177.320] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0177.320] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0177.320] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0177.320] WaitMessage () returned 1 [0186.595] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0186.595] IsWindowUnicode (hWnd=0x502e0) returned 1 [0186.595] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0186.595] TranslateMessage (lpMsg=0x19f844) returned 0 [0186.595] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0186.598] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0186.601] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0186.601] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0186.605] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9272224876880) returned 1 [0186.607] SetEvent (hEvent=0x3d8) returned 1 [0186.608] select (in: nfds=0, readfds=0x22ca564, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22ca564, writefds=0x0, exceptfds=0x0) returned 0 [0186.609] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22cc04c, MessageSeqNo=0x0 | out: pMessage=0x22cc04c) returned 0x0 [0186.609] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0186.611] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22cc178, MessageSeqNo=0x0 | out: pMessage=0x22cc178) returned 0x0 [0186.611] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0186.611] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0186.612] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0186.722] recv (in: s=0x5e0, buf=0x21f3839, len=954, flags=0 | out: buf=0x21f3839*) returned 954 [0186.722] DecryptMessage (in: phContext=0x2260170, pMessage=0x22cc308, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22cc308, pfQOP=0x0) returned 0x0 [0186.723] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0186.723] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0186.723] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0186.723] WaitMessage () returned 1 [0196.593] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0196.594] IsWindowUnicode (hWnd=0x502e0) returned 1 [0196.594] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0196.594] TranslateMessage (lpMsg=0x19f844) returned 0 [0196.594] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0196.595] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0196.599] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0196.599] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0196.603] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9273224583360) returned 1 [0196.605] SetEvent (hEvent=0x3d8) returned 1 [0196.605] select (in: nfds=0, readfds=0x22d2de0, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22d2de0, writefds=0x0, exceptfds=0x0) returned 0 [0196.606] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22d48c8, MessageSeqNo=0x0 | out: pMessage=0x22d48c8) returned 0x0 [0196.607] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0196.609] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22d49f4, MessageSeqNo=0x0 | out: pMessage=0x22d49f4) returned 0x0 [0196.609] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0196.609] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0196.609] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0196.720] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0196.720] DecryptMessage (in: phContext=0x2260170, pMessage=0x22d4b84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22d4b84, pfQOP=0x0) returned 0x0 [0196.721] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0196.721] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0196.721] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0196.721] WaitMessage () returned 1 [0206.596] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0206.596] IsWindowUnicode (hWnd=0x502e0) returned 1 [0206.596] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0206.596] TranslateMessage (lpMsg=0x19f844) returned 0 [0206.596] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0206.597] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0206.598] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0206.598] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0206.600] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9274224291018) returned 1 [0206.602] SetEvent (hEvent=0x3d8) returned 1 [0206.602] select (in: nfds=0, readfds=0x22db654, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22db654, writefds=0x0, exceptfds=0x0) returned 0 [0206.602] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22dd13c, MessageSeqNo=0x0 | out: pMessage=0x22dd13c) returned 0x0 [0206.603] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0206.605] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22dd268, MessageSeqNo=0x0 | out: pMessage=0x22dd268) returned 0x0 [0206.605] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0206.605] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0206.605] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0206.750] recv (in: s=0x5e0, buf=0x21f3839, len=952, flags=0 | out: buf=0x21f3839*) returned 952 [0206.750] DecryptMessage (in: phContext=0x2260170, pMessage=0x22dd3f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22dd3f8, pfQOP=0x0) returned 0x0 [0206.750] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0206.750] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0206.750] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0206.750] WaitMessage () returned 1 [0216.598] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0216.598] IsWindowUnicode (hWnd=0x502e0) returned 1 [0216.598] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0216.598] TranslateMessage (lpMsg=0x19f844) returned 0 [0216.598] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0216.598] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0216.599] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0216.600] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0216.602] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9275224478682) returned 1 [0216.602] SetEvent (hEvent=0x3d8) returned 1 [0216.603] select (in: nfds=0, readfds=0x22e3ec8, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22e3ec8, writefds=0x0, exceptfds=0x0) returned 0 [0216.603] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22e59b0, MessageSeqNo=0x0 | out: pMessage=0x22e59b0) returned 0x0 [0216.603] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0216.604] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22e5adc, MessageSeqNo=0x0 | out: pMessage=0x22e5adc) returned 0x0 [0216.604] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0216.604] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0216.604] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0216.735] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0216.735] DecryptMessage (in: phContext=0x2260170, pMessage=0x22e5c6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22e5c6c, pfQOP=0x0) returned 0x0 [0216.736] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0216.736] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0216.736] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0216.736] WaitMessage () returned 1 [0226.618] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0226.618] IsWindowUnicode (hWnd=0x502e0) returned 1 [0226.618] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0226.619] TranslateMessage (lpMsg=0x19f844) returned 0 [0226.619] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0226.620] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0226.624] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0226.625] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0226.629] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9276227204431) returned 1 [0226.632] SetEvent (hEvent=0x3d8) returned 1 [0226.632] select (in: nfds=0, readfds=0x22ec73c, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22ec73c, writefds=0x0, exceptfds=0x0) returned 0 [0226.634] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22ee224, MessageSeqNo=0x0 | out: pMessage=0x22ee224) returned 0x0 [0226.634] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0226.635] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22ee350, MessageSeqNo=0x0 | out: pMessage=0x22ee350) returned 0x0 [0226.635] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0226.636] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0226.636] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0226.744] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0226.744] DecryptMessage (in: phContext=0x2260170, pMessage=0x22ee4e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee4e0, pfQOP=0x0) returned 0x0 [0226.746] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0226.746] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0226.746] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0226.746] WaitMessage () returned 1 [0236.620] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0236.620] IsWindowUnicode (hWnd=0x502e0) returned 1 [0236.620] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0236.621] TranslateMessage (lpMsg=0x19f844) returned 0 [0236.621] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0236.621] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0236.624] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0236.625] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0236.627] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9277227069686) returned 1 [0236.629] SetEvent (hEvent=0x3d8) returned 1 [0236.629] select (in: nfds=0, readfds=0x22f4fb0, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22f4fb0, writefds=0x0, exceptfds=0x0) returned 0 [0236.630] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22f6a98, MessageSeqNo=0x0 | out: pMessage=0x22f6a98) returned 0x0 [0236.630] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0236.632] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22f6bc4, MessageSeqNo=0x0 | out: pMessage=0x22f6bc4) returned 0x0 [0236.632] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0236.632] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0236.632] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0236.736] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0236.736] DecryptMessage (in: phContext=0x2260170, pMessage=0x22f6d54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f6d54, pfQOP=0x0) returned 0x0 [0236.737] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0236.737] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0236.737] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0236.737] WaitMessage () returned 1 [0246.631] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0246.631] IsWindowUnicode (hWnd=0x502e0) returned 1 [0246.631] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0246.631] TranslateMessage (lpMsg=0x19f844) returned 0 [0246.632] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0246.633] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0246.635] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0246.636] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0246.638] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9278228127267) returned 1 [0246.640] SetEvent (hEvent=0x3d8) returned 1 [0246.640] select (in: nfds=0, readfds=0x22fd824, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x22fd824, writefds=0x0, exceptfds=0x0) returned 0 [0246.641] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22ff30c, MessageSeqNo=0x0 | out: pMessage=0x22ff30c) returned 0x0 [0246.641] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0246.642] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x22ff438, MessageSeqNo=0x0 | out: pMessage=0x22ff438) returned 0x0 [0246.642] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0246.642] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0246.643] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0246.772] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0246.772] DecryptMessage (in: phContext=0x2260170, pMessage=0x22ff5c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ff5c8, pfQOP=0x0) returned 0x0 [0246.773] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0246.773] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0246.773] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0246.773] WaitMessage () returned 1 [0256.654] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0256.654] IsWindowUnicode (hWnd=0x502e0) returned 1 [0256.654] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0256.654] TranslateMessage (lpMsg=0x19f844) returned 0 [0256.654] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0256.654] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0256.656] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0256.656] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0256.658] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9279230079651) returned 1 [0256.659] SetEvent (hEvent=0x3d8) returned 1 [0256.659] select (in: nfds=0, readfds=0x2306440, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x2306440, writefds=0x0, exceptfds=0x0) returned 0 [0256.659] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2307f28, MessageSeqNo=0x0 | out: pMessage=0x2307f28) returned 0x0 [0256.660] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0256.661] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2308054, MessageSeqNo=0x0 | out: pMessage=0x2308054) returned 0x0 [0256.661] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0256.661] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0256.661] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0256.785] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0256.786] DecryptMessage (in: phContext=0x2260170, pMessage=0x23081e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23081e4, pfQOP=0x0) returned 0x0 [0256.786] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0256.786] SetEvent (hEvent=0x3d8) returned 1 [0256.786] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0256.786] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0256.786] WaitMessage () returned 1 [0266.656] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0266.656] IsWindowUnicode (hWnd=0x502e0) returned 1 [0266.656] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0266.656] TranslateMessage (lpMsg=0x19f844) returned 0 [0266.657] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0266.657] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0266.661] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0266.662] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0266.665] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9280230866992) returned 1 [0266.667] SetEvent (hEvent=0x3d8) returned 1 [0266.667] select (in: nfds=0, readfds=0x230ecc8, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x230ecc8, writefds=0x0, exceptfds=0x0) returned 0 [0266.667] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x23107b0, MessageSeqNo=0x0 | out: pMessage=0x23107b0) returned 0x0 [0266.668] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0266.668] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x23108dc, MessageSeqNo=0x0 | out: pMessage=0x23108dc) returned 0x0 [0266.668] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0266.669] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0266.669] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0266.868] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0266.868] DecryptMessage (in: phContext=0x2260170, pMessage=0x2310a6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2310a6c, pfQOP=0x0) returned 0x0 [0266.869] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0266.870] SetEvent (hEvent=0x3d8) returned 1 [0266.871] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0266.871] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0266.871] WaitMessage () returned 1 [0276.662] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0276.663] IsWindowUnicode (hWnd=0x502e0) returned 1 [0276.663] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0276.663] TranslateMessage (lpMsg=0x19f844) returned 0 [0276.663] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0276.665] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0276.668] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0276.668] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0276.670] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9281231367850) returned 1 [0276.672] SetEvent (hEvent=0x3d8) returned 1 [0276.672] select (in: nfds=0, readfds=0x2317550, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x2317550, writefds=0x0, exceptfds=0x0) returned 0 [0276.673] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2319038, MessageSeqNo=0x0 | out: pMessage=0x2319038) returned 0x0 [0276.674] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0276.675] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2319164, MessageSeqNo=0x0 | out: pMessage=0x2319164) returned 0x0 [0276.675] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0276.676] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0276.676] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0276.815] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0276.815] DecryptMessage (in: phContext=0x2260170, pMessage=0x23192f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23192f4, pfQOP=0x0) returned 0x0 [0276.816] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0276.816] SetEvent (hEvent=0x3d8) returned 1 [0276.816] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0276.816] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0276.816] WaitMessage () returned 1 [0286.686] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0286.686] IsWindowUnicode (hWnd=0x502e0) returned 1 [0286.686] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0286.686] TranslateMessage (lpMsg=0x19f844) returned 0 [0286.686] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0286.686] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0286.688] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0286.689] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0286.690] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9282233339023) returned 1 [0286.692] SetEvent (hEvent=0x3d8) returned 1 [0286.692] select (in: nfds=0, readfds=0x231fdd8, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x231fdd8, writefds=0x0, exceptfds=0x0) returned 0 [0286.692] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x23218c0, MessageSeqNo=0x0 | out: pMessage=0x23218c0) returned 0x0 [0286.693] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0286.694] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x23219ec, MessageSeqNo=0x0 | out: pMessage=0x23219ec) returned 0x0 [0286.694] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0286.694] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0286.694] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0286.806] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0286.806] DecryptMessage (in: phContext=0x2260170, pMessage=0x2321b7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2321b7c, pfQOP=0x0) returned 0x0 [0286.808] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0286.808] SetEvent (hEvent=0x3d8) returned 1 [0286.809] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0286.809] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0286.809] WaitMessage () returned 1 [0296.681] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0296.682] IsWindowUnicode (hWnd=0x502e0) returned 1 [0296.682] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0296.682] TranslateMessage (lpMsg=0x19f844) returned 0 [0296.682] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0296.683] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0296.688] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0296.689] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0296.692] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9283233513504) returned 1 [0296.694] SetEvent (hEvent=0x3d8) returned 1 [0296.694] select (in: nfds=0, readfds=0x2328660, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x2328660, writefds=0x0, exceptfds=0x0) returned 0 [0296.696] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x232a148, MessageSeqNo=0x0 | out: pMessage=0x232a148) returned 0x0 [0296.696] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0296.697] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x232a274, MessageSeqNo=0x0 | out: pMessage=0x232a274) returned 0x0 [0296.697] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0296.697] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.697] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0297.172] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0297.172] DecryptMessage (in: phContext=0x2260170, pMessage=0x232a404, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x232a404, pfQOP=0x0) returned 0x0 [0297.172] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0297.172] SetEvent (hEvent=0x3d8) returned 1 [0297.173] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0297.173] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0297.173] WaitMessage () returned 1 [0306.682] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0306.682] IsWindowUnicode (hWnd=0x502e0) returned 1 [0306.682] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0306.682] TranslateMessage (lpMsg=0x19f844) returned 0 [0306.682] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0306.683] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0306.687] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0306.688] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0306.690] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9284233322660) returned 1 [0306.691] SetEvent (hEvent=0x3d8) returned 1 [0306.692] select (in: nfds=0, readfds=0x2330ee8, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x2330ee8, writefds=0x0, exceptfds=0x0) returned 0 [0306.693] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x23329d0, MessageSeqNo=0x0 | out: pMessage=0x23329d0) returned 0x0 [0306.694] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0306.696] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x2332afc, MessageSeqNo=0x0 | out: pMessage=0x2332afc) returned 0x0 [0306.696] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0306.697] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0306.697] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0306.802] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0306.802] DecryptMessage (in: phContext=0x2260170, pMessage=0x2332c8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2332c8c, pfQOP=0x0) returned 0x0 [0306.803] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0306.803] SetEvent (hEvent=0x3d8) returned 1 [0306.803] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0306.803] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0306.803] WaitMessage () returned 1 [0316.681] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 1 [0316.682] IsWindowUnicode (hWnd=0x502e0) returned 1 [0316.682] GetMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f844) returned 1 [0316.682] TranslateMessage (lpMsg=0x19f844) returned 0 [0316.682] DispatchMessageW (lpMsg=0x19f844) returned 0x0 [0316.684] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0316.689] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0316.689] GetUserNameW (in: lpBuffer=0x19f1d8, pcbBuffer=0x19f450 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19f450) returned 1 [0316.691] QueryPerformanceCounter (in: lpPerformanceCount=0x19f2c0 | out: lpPerformanceCount=0x19f2c0*=9285233427024) returned 1 [0316.692] SetEvent (hEvent=0x3d8) returned 1 [0316.693] select (in: nfds=0, readfds=0x2339770, writefds=0x0, exceptfds=0x0, timeout=0x19f198*(tv_sec=0, tv_usec=0) | out: readfds=0x2339770, writefds=0x0, exceptfds=0x0) returned 0 [0316.693] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x233b258, MessageSeqNo=0x0 | out: pMessage=0x233b258) returned 0x0 [0316.694] send (s=0x5e0, buf=0x21e8c94*, len=371, flags=0) returned 371 [0316.695] EncryptMessage (in: phContext=0x2260170, fQOP=0x0, pMessage=0x233b384, MessageSeqNo=0x0 | out: pMessage=0x233b384) returned 0x0 [0316.695] send (s=0x5e0, buf=0x21e8c94*, len=605, flags=0) returned 605 [0316.695] setsockopt (s=0x5e0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0316.695] recv (in: s=0x5e0, buf=0x21f3834, len=5, flags=0 | out: buf=0x21f3834*) returned 5 [0316.960] recv (in: s=0x5e0, buf=0x21f3839, len=951, flags=0 | out: buf=0x21f3839*) returned 951 [0316.960] DecryptMessage (in: phContext=0x2260170, pMessage=0x233b514, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x233b514, pfQOP=0x0) returned 0x0 [0316.961] setsockopt (s=0x5e0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0316.961] SetEvent (hEvent=0x3d8) returned 1 [0316.961] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0316.961] PeekMessageW (in: lpMsg=0x19f844, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f844) returned 0 [0316.961] WaitMessage () Thread: id = 8 os_tid = 0xa04 Thread: id = 9 os_tid = 0x474 Thread: id = 10 os_tid = 0x9e8 [0129.927] CoGetContextToken (in: pToken=0x429fc3c | out: pToken=0x429fc3c) returned 0x0 [0129.927] CObjectContext::QueryInterface () returned 0x0 [0129.927] CObjectContext::GetCurrentThreadType () returned 0x0 [0129.927] Release () returned 0x0 [0129.927] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0129.927] RoInitialize () returned 0x1 [0129.927] RoUninitialize () returned 0x0 Thread: id = 11 os_tid = 0x9c4 Thread: id = 12 os_tid = 0xee8 Thread: id = 13 os_tid = 0x4f0 [0138.310] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0138.310] RoInitialize () returned 0x1 [0138.310] RoUninitialize () returned 0x0 [0138.313] ResetEvent (hEvent=0x3d8) returned 1 [0253.776] QueryContextAttributesW (in: phContext=0x21e185c, ulAttribute=0x1a, pBuffer=0x4cdf750 | out: pBuffer=0x4cdf750) returned 0x0 [0253.799] DeleteSecurityContext (phContext=0x21e185c) returned 0x0 [0253.800] shutdown (s=0x4ec, how=2) returned 0 [0253.802] setsockopt (s=0x4ec, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0253.802] closesocket (s=0x4ec) returned 0 Thread: id = 14 os_tid = 0xbd8 Thread: id = 15 os_tid = 0x8b8